diff --git a/defaults/interfaces.ts b/defaults/interfaces.ts
index de6698f..145b975 100644
--- a/defaults/interfaces.ts
+++ b/defaults/interfaces.ts
@@ -4,6 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
 export interface AuthenticatedState {
   isAuthenticated: true;
   isFromPolytech: boolean;
+  role: "etudiants" | "personnels" | "autres";
   session: CasContent;
   availablePages: Record;
 }
diff --git a/routes/_middleware.ts b/routes/_middleware.ts
index a2653a4..1a02e0b 100644
--- a/routes/_middleware.ts
+++ b/routes/_middleware.ts
@@ -25,6 +25,14 @@ function isRoutePublic(route: string): boolean {
     !!(route.match(/\..+$/)?.[0] ?? false);
 }
 
+/**
+ * Checks if the given route is an API route.
+ * @param route The route to check.
+ * @returns `true` if the route is an API route, `false` otherwise.
+ */
+function isRouteAnAPI(route: string): boolean {
+  return route.includes("/api/");
+}
 /**
  * Get the given user's key, creating it if not already existing.
  * @param user The key's user.
@@ -80,6 +88,18 @@ export const handler: MiddlewareHandler[] = [
 
     if (isFromPolytech) {
       context.state.session = session;
+
+      if (Object.values(session.memberOf).some(
+        (value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")
+      )) {
+        context.state.role = "personnels";
+      } else if (Object.values(session.memberOf).some(
+        (value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants")
+      )) {
+        context.state.role = "etudiants";
+      } else {
+        context.state.role = "autres";
+      }
     }
   }
 
@@ -108,7 +128,7 @@ export const handler: MiddlewareHandler[] = [
       });
     }
 
-    if (context.state.isAuthenticated && !context.state.isFromPolytech) {
+    if (!context.state.isFromPolytech) {
       return new Response(null, {
         status: 403,
         headers: {
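Review bot: The union on the added `role` line is re-spelled as bare string literals in the middleware (three assignments in the `-80,6 +88,18` hunk and the `== "personnels"` comparison in the last hunk), so the set of roles now lives in two files with nothing tying the comparison site to the interface. A named alias keeps them in one place: `export type Role = "etudiants" | "personnels" | "autres";` and `role: Role;` on this line, with the middleware importing `Role` when it compares. This is a style point; the assignments are already checked against the interface, the comparison is not.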
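Review bot: `route.includes("/api/")` is a substring test, yet the last hunk uses it as an authorization boundary, so it also matches nested segments such as `/docs/api/x` and does not match a bare `/api` with no trailing slash. An anchored prefix test is more predictable for a gate: `return route === "/api" || route.startsWith("/api/");`, and the TSDoc `@returns` should say that the match is on the path prefix. The doc comment ends with `*/` directly followed by the next function's `/**` with no blank line, which is a small formatting slip worth fixing while here.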
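Review bot: The two `Object.values(session.memberOf).some(...)` scans differ only in the group name, and the block gives no hint that `personnels` deliberately wins when a user is in both groups; a small local predicate makes both explicit. `Object.values` on a string yields its characters, so if `session.memberOf` can arrive as a single string rather than an object or array (CAS attribute shapes are not visible here, so this is an assumption to confirm), a user with exactly one group would silently become `"autres"` — presumably a safe failure, but worth a comment. `value.includes("cn=...:personnels")` also matches any longer CN that contains that text; whether such CNs exist in the directory cannot be told from this hunk. The enclosing handler starts and ends outside the hunk.
```typescript
      context.state.session = session;

      // presumably memberOf is an object/array of DN strings; a plain string would yield no groups — TODO confirm
      const groups = Object.values(session.memberOf);
      const inGroup = (cn: string): boolean =>
        groups.some((value) => typeof value === "string" && value.includes(cn));

      // "personnels" is checked first and wins when a user is in both groups.
      if (inGroup("cn=amu:ufr:polytech:personnels")) {
        context.state.role = "personnels";
      } else if (inGroup("cn=amu:ufr:polytech:etudiants")) {
        context.state.role = "etudiants";
      } else {
        context.state.role = "autres";
      }
```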
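Review bot: Dropping `isAuthenticated` from the condition makes the 403 apply to any state whose `isFromPolytech` is unset, so the check now relies on an unauthenticated request having already been answered by the code just above the hunk (the `});` / `}` context lines look like a redirect, but its condition is outside the hunk). That precondition is worth stating where the check sits: `// Unauthenticated requests were already redirected above; from here on only Polytech members may continue.`. If that earlier branch can be skipped for some routes, `!context.state.isFromPolytech` would be true for an unset flag and return 403 instead of the redirect, which is safe but inconsistent. The enclosing handler starts and ends outside the hunk.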
@@ -116,6 +136,12 @@ export const handler: MiddlewareHandler[] = [
         },
       });
     }
+
+    if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
+      return new Response(null, {
+        status: 403,
+      });
+    }
   }
 
   return await context.next();
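Review bot: `!(context.state.role == "personnels")` uses loose equality and a negated parenthesis where `context.state.role !== "personnels"` says the same thing directly and still rejects an unset `role`. The gate sits inside a block whose condition is outside the hunk; if that block is the non-public-route branch, then `isRoutePublic` (earlier hunk) treats any path with a dotted last segment as public, so a path such as `/api/items.json` would never reach this role check — this is inferred from the visible `match(/\..+$/)` line and should be confirmed against the enclosing condition. A short comment on the check would help the next reader: `// API routes are reserved for "personnels"; everyone else gets 403 regardless of session.`. The enclosing handler starts outside the hunk.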