feat: middleware limita editor ai percorsi contenuti

This commit is contained in:
2026-07-05 15:38:21 +02:00
parent 0f94b5017c
commit 5f1d9f3740
+11 -1
View File
@@ -1,6 +1,6 @@
import { defineMiddleware } from 'astro:middleware';
import { getDb } from './lib/db';
import { getSessionUser, SESSION_COOKIE } from './lib/auth';
import { getSessionUser, SESSION_COOKIE, canAccessAdminPath } from './lib/auth';
export const onRequest = defineMiddleware((context, next) => {
const { pathname } = context.url;
@@ -19,6 +19,16 @@ export const onRequest = defineMiddleware((context, next) => {
}
return context.redirect('/admin/login');
}
if (!canAccessAdminPath(user.role, pathname)) {
if (pathname.startsWith('/api/')) {
return new Response(JSON.stringify({ error: 'Permessi insufficienti' }), {
status: 403, headers: { 'Content-Type': 'application/json' },
});
}
return context.redirect('/admin/content');
}
context.locals.user = user;
return next();
});