- Add role detection
- Restrict APIs to personnels - Show 403 for unauthorized access"
@@ -4,6 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
|
|||||||
export interface AuthenticatedState {
|
export interface AuthenticatedState {
|
||||||
isAuthenticated: true;
|
isAuthenticated: true;
|
||||||
isFromPolytech: boolean;
|
isFromPolytech: boolean;
|
||||||
|
role: "etudiants" | "personnels" | "autres";
|
||||||
session: CasContent;
|
session: CasContent;
|
||||||
availablePages: Record<string, string>;
|
availablePages: Record<string, string>;
|
||||||
}
|
}
|
||||||
|
|||||||
+27
-1
@@ -25,6 +25,14 @@ function isRoutePublic(route: string): boolean {
|
|||||||
!!(route.match(/\..+$/)?.[0] ?? false);
|
!!(route.match(/\..+$/)?.[0] ?? false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if the given route is an API route.
|
||||||
|
* @param route The route to check.
|
||||||
|
* @returns `true` if the route is an API route, `false` otherwise.
|
||||||
|
*/
|
||||||
|
function isRouteAnAPI(route: string): boolean {
|
||||||
|
return route.includes("/api/");
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* Get the given user's key, creating it if not already existing.
|
* Get the given user's key, creating it if not already existing.
|
||||||
* @param user The key's user.
|
* @param user The key's user.
|
||||||
@@ -80,6 +88,18 @@ export const handler: MiddlewareHandler<State>[] = [
|
|||||||
|
|
||||||
if (isFromPolytech) {
|
if (isFromPolytech) {
|
||||||
context.state.session = session;
|
context.state.session = session;
|
||||||
|
|
||||||
|
if (Object.values(session.memberOf).some(
|
||||||
|
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")
|
||||||
|
)) {
|
||||||
|
context.state.role = "personnels";
|
||||||
|
} else if (Object.values(session.memberOf).some(
|
||||||
|
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants")
|
||||||
|
)) {
|
||||||
|
context.state.role = "etudiants";
|
||||||
|
} else {
|
||||||
|
context.state.role = "autres";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -108,7 +128,7 @@ export const handler: MiddlewareHandler<State>[] = [
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context.state.isAuthenticated && !context.state.isFromPolytech) {
|
if (!context.state.isFromPolytech) {
|
||||||
return new Response(null, {
|
return new Response(null, {
|
||||||
status: 403,
|
status: 403,
|
||||||
headers: {
|
headers: {
|
||||||
@@ -116,6 +136,12 @@ export const handler: MiddlewareHandler<State>[] = [
|
|||||||
},
|
},
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
|
||||||
|
return new Response(null, {
|
||||||
|
status: 403,
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return await context.next();
|
return await context.next();
|
||||||
|
|||||||
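Review bot: The role decision at `(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")` (and the matching `etudiants` test below it) is a substring match over each memberOf value, so any group DN that merely contains that text is accepted, and because `personnels` is tested first it takes precedence; since the last hunk grants API access on `role == "personnels"`, this match is the effective authorization check and should compare the group RDN exactly rather than with `includes`. The `typeof value === "string"` filter also silently drops any memberOf value that is an array, which a multi-valued attribute would presumably be, classifying such a user as `"autres"` — confirm the shape of `CasContent.memberOf` before relying on it. In the last hunk, `!(context.state.role == "personnels")` should be `context.state.role !== "personnels"`. The enclosing middleware function starts and ends outside these hunks.
```typescript
if (isFromPolytech) {
  context.state.session = session;

  // Flatten so a multi-valued memberOf (array) is handled; only string values are group DNs.
  const groups = Object.values(session.memberOf)
    .flat()
    .filter((v): v is string => typeof v === "string");
  // Exact RDN match: `includes` would also accept any group whose name merely contains the
  // expected value — TODO confirm the DN layout of memberOf against the CAS attribute release.
  const inGroup = (cn: string) =>
    groups.some((dn) => dn.split(",").some((rdn) => rdn.trim() === cn));

  if (inGroup("cn=amu:ufr:polytech:personnels")) {
    context.state.role = "personnels";
  } else if (inGroup("cn=amu:ufr:polytech:etudiants")) {
    context.state.role = "etudiants";
  } else {
    context.state.role = "autres";
  }
}
```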