- Add role detection

- Restrict APIs to personnels
- Show 403 for unauthorized access"
This commit is contained in:
2026-01-06 19:05:59 +01:00
parent 7d7cdd1c9a
commit 718e7f9d76
2 changed files with 28 additions and 1 deletions
+1
@@ -4,6 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
interface AuthenticatedState {
isAuthenticated: true;
isFromPolytech: boolean;
role: "etudiants" | "personnels" | "autres";
session: CasContent;
}
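Review bot: `role` is declared as a required member of `AuthenticatedState`, yet the middleware in the companion file assigns `context.state.role` only inside its `if (isFromPolytech)` branch, so an authenticated session from outside Polytech satisfies this type while carrying `role === undefined` at runtime. Either make the field optional, `role?: "etudiants" | "personnels" | "autres";`, so every reader is forced to handle the missing case, or assign the least-privileged value `"autres"` unconditionally before the membership tests so the declared type holds for every authenticated state. A short TSDoc line above the field would also document the contract, e.g. `/** Derived from the CAS memberOf groups; only "personnels" may call API routes. */`.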
+27 -1
@@ -26,6 +26,14 @@ function isRoutePublic(route: string): boolean {
);
}
/**
* Checks if the given route is an API route.
* @param route The route to check.
* @returns `true` if the route is an API route, `false` otherwise.
*/
function isRouteAnAPI(route: string): boolean {
return route.includes("/api/");
}
/**
* Get the given user's key, creating it if not already existing.
* @param user The key's user.
@@ -83,6 +91,18 @@ export const handler: MiddlewareHandler<State>[] = [
if (isFromPolytech) {
context.state.session = session;
if (Object.values(session.memberOf).some(
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")
)) {
context.state.role = "personnels";
} else if (Object.values(session.memberOf).some(
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants")
)) {
context.state.role = "etudiants";
} else {
context.state.role = "autres";
}
}
}
@@ -111,7 +131,7 @@ export const handler: MiddlewareHandler<State>[] = [
});
}
if (context.state.isAuthenticated && !context.state.isFromPolytech) {
if (!context.state.isFromPolytech) {
return new Response(null, {
status: 403,
headers: {
@@ -119,6 +139,12 @@ export const handler: MiddlewareHandler<State>[] = [
},
});
}
if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
return new Response(null, {
status: 403,
});
}
}
return await context.next();
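Review bot: `isRouteAnAPI` in the first hunk decides by `route.includes("/api/")`, so the personnel-only gate added in the last hunk rests on a substring test that also fires for any path merely containing that segment and is sensitive to how `url.pathname` is spelled; prefer an anchored check such as `return route.startsWith("/api/");` (or route-pattern metadata from Fresh) and make sure the pathname handed to it is the same normalized form the router matches on. The group-membership tests in the second hunk have the same shape: `value.includes("cn=amu:ufr:polytech:personnels")` is true for any DN string that contains that text, so if other groups can share the prefix, compare the `cn=` component exactly instead of by substring. In the last hunk `!(context.state.role == "personnels")` uses loose equality; write it as `if (isRouteAnAPI(url.pathname) && context.state.role !== "personnels") {`. The enclosing handler body starts and ends outside these hunks, so whether API routes can also be reached through the `isRoutePublic` path before this gate is not visible here and is worth confirming.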