- Add role detection
- Restrict APIs to personnels - Show 403 for unauthorized access"
This commit is contained in:
@@ -4,6 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
|
||||
export interface AuthenticatedState {
|
||||
isAuthenticated: true;
|
||||
isFromPolytech: boolean;
|
||||
role: "etudiants" | "personnels" | "autres";
|
||||
session: CasContent;
|
||||
availablePages: Record<string, string>;
|
||||
}
|
||||
|
||||
+27
-1
@@ -25,6 +25,14 @@ function isRoutePublic(route: string): boolean {
|
||||
!!(route.match(/\..+$/)?.[0] ?? false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the given route is an API route.
|
||||
* @param route The route to check.
|
||||
* @returns `true` if the route is an API route, `false` otherwise.
|
||||
*/
|
||||
function isRouteAnAPI(route: string): boolean {
|
||||
return route.includes("/api/");
|
||||
}
|
||||
/**
|
||||
* Get the given user's key, creating it if not already existing.
|
||||
* @param user The key's user.
|
||||
@@ -80,6 +88,18 @@ export const handler: MiddlewareHandler<State>[] = [
|
||||
|
||||
if (isFromPolytech) {
|
||||
context.state.session = session;
|
||||
|
||||
if (Object.values(session.memberOf).some(
|
||||
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")
|
||||
)) {
|
||||
context.state.role = "personnels";
|
||||
} else if (Object.values(session.memberOf).some(
|
||||
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants")
|
||||
)) {
|
||||
context.state.role = "etudiants";
|
||||
} else {
|
||||
context.state.role = "autres";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -108,7 +128,7 @@ export const handler: MiddlewareHandler<State>[] = [
|
||||
});
|
||||
}
|
||||
|
||||
if (context.state.isAuthenticated && !context.state.isFromPolytech) {
|
||||
if (!context.state.isFromPolytech) {
|
||||
return new Response(null, {
|
||||
status: 403,
|
||||
headers: {
|
||||
@@ -116,6 +136,12 @@ export const handler: MiddlewareHandler<State>[] = [
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
|
||||
return new Response(null, {
|
||||
status: 403,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
return await context.next();
|
||||
|
||||
Reference in New Issue
Block a user