Add 403 error page and Polytech access control.

2026-01-06 18:56:10 +01:00
parent cb89a45743
commit 7d7cdd1c9a
4 changed files with 45 additions and 9 deletions
@@ -45,6 +45,7 @@ export function getKey(user: string): string {
 export const handler: MiddlewareHandler<State>[] = [
  /**
   * Check if user is authenticated and add session to context accordingly.
+   * Only authenticated users who are members of Polytech are allowed.
   * @param request The HTTP incomming request.
   * @param context The Fresh context object with custom `State`.
   * @returns The response from the next middleware.
@@ -56,6 +57,7 @@ export const handler: MiddlewareHandler<State>[] = [
    const cookies = getCookies(request.headers);
    if (!cookies["sessionToken"]) {
      context.state.isAuthenticated = false;
+      context.state.isFromPolytech = false;
      return await context.next();
    }

@@ -71,8 +73,15 @@ export const handler: MiddlewareHandler<State>[] = [
      const session: CasContent = (
        getJwtPayload(cookies["sessionToken"]) as LoginJWT
      ).user;
-      if (session.memberOf.includes("cn=amu:ufr:polytech:ldap")) {
-        console.log("Polytech trouvé !");
+
+      const isFromPolytech = Object.values(session.memberOf).some(
+        (value) =>
+          typeof value === "string" && value.includes("cn=amu:ufr:polytech"),
+      );
+
+      context.state.isFromPolytech = isFromPolytech;
+
+      if (isFromPolytech) {
        context.state.session = session;
      }
    }
@@ -92,13 +101,24 @@ export const handler: MiddlewareHandler<State>[] = [
  ): Promise<Response> {
    const url = new URL(request.url);

-    if (!isRoutePublic(url.pathname) && !context.state.isAuthenticated) {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
+    if (!isRoutePublic(url.pathname)) {
+      if (!context.state.isAuthenticated) {
+        return new Response(null, {
+          status: 302,
+          headers: {
+            Location: "/login",
+          },
+        });
+      }
+
+      if (context.state.isAuthenticated && !context.state.isFromPolytech) {
+        return new Response(null, {
+          status: 403,
+          headers: {
+            Location: "/403",
+          },
+        });
+      }
    }

    return await context.next();