feat: middleware limita editor ai percorsi contenuti
This commit is contained in:
+11
-1
@@ -1,6 +1,6 @@
|
|||||||
import { defineMiddleware } from 'astro:middleware';
|
import { defineMiddleware } from 'astro:middleware';
|
||||||
import { getDb } from './lib/db';
|
import { getDb } from './lib/db';
|
||||||
import { getSessionUser, SESSION_COOKIE } from './lib/auth';
|
import { getSessionUser, SESSION_COOKIE, canAccessAdminPath } from './lib/auth';
|
||||||
|
|
||||||
export const onRequest = defineMiddleware((context, next) => {
|
export const onRequest = defineMiddleware((context, next) => {
|
||||||
const { pathname } = context.url;
|
const { pathname } = context.url;
|
||||||
@@ -19,6 +19,16 @@ export const onRequest = defineMiddleware((context, next) => {
|
|||||||
}
|
}
|
||||||
return context.redirect('/admin/login');
|
return context.redirect('/admin/login');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!canAccessAdminPath(user.role, pathname)) {
|
||||||
|
if (pathname.startsWith('/api/')) {
|
||||||
|
return new Response(JSON.stringify({ error: 'Permessi insufficienti' }), {
|
||||||
|
status: 403, headers: { 'Content-Type': 'application/json' },
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return context.redirect('/admin/content');
|
||||||
|
}
|
||||||
|
|
||||||
context.locals.user = user;
|
context.locals.user = user;
|
||||||
return next();
|
return next();
|
||||||
});
|
});
|
||||||
|
|||||||
Reference in New Issue
Block a user