feat: middleware limita editor ai percorsi contenuti
This commit is contained in:
+11
-1
@@ -1,6 +1,6 @@
|
||||
import { defineMiddleware } from 'astro:middleware';
|
||||
import { getDb } from './lib/db';
|
||||
import { getSessionUser, SESSION_COOKIE } from './lib/auth';
|
||||
import { getSessionUser, SESSION_COOKIE, canAccessAdminPath } from './lib/auth';
|
||||
|
||||
export const onRequest = defineMiddleware((context, next) => {
|
||||
const { pathname } = context.url;
|
||||
@@ -19,6 +19,16 @@ export const onRequest = defineMiddleware((context, next) => {
|
||||
}
|
||||
return context.redirect('/admin/login');
|
||||
}
|
||||
|
||||
if (!canAccessAdminPath(user.role, pathname)) {
|
||||
if (pathname.startsWith('/api/')) {
|
||||
return new Response(JSON.stringify({ error: 'Permessi insufficienti' }), {
|
||||
status: 403, headers: { 'Content-Type': 'application/json' },
|
||||
});
|
||||
}
|
||||
return context.redirect('/admin/content');
|
||||
}
|
||||
|
||||
context.locals.user = user;
|
||||
return next();
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user