feat: autenticazione a sessioni, middleware admin e script create-user

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 00:36:07 +02:00
parent d3b5e67132
commit 6caba6fee1
4 changed files with 140 additions and 0 deletions
+24
View File
@@ -0,0 +1,24 @@
import { defineMiddleware } from 'astro:middleware';
import { getDb } from './lib/db';
import { getSessionUser, SESSION_COOKIE } from './lib/auth';
export const onRequest = defineMiddleware((context, next) => {
const { pathname } = context.url;
const isProtected =
(pathname.startsWith('/admin') && pathname !== '/admin/login') ||
pathname.startsWith('/api/admin');
if (!isProtected) return next();
const token = context.cookies.get(SESSION_COOKIE)?.value;
const user = token ? getSessionUser(getDb(), token) : null;
if (!user) {
if (pathname.startsWith('/api/')) {
return new Response(JSON.stringify({ error: 'Non autorizzato' }), {
status: 401, headers: { 'Content-Type': 'application/json' },
});
}
return context.redirect('/admin/login');
}
context.locals.user = user;
return next();
});