smlynarczyk85/CLProject
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified version

Browse Source
This commit is contained in:
Stan
2026-04-21 23:26:13 +02:00
parent e7127f3215
commit bdd06105dd
46 changed files with 1250 additions and 5248 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/middleware/authMiddleware.js
+18 -10
View File
@@ -16,6 +16,21 @@ function getAuthToken(req) {
return req.cookies?.auth_token || req.headers.authorization?.replace('Bearer ', '') || null;
}
/*
* Determine whether a request originates from API/JSON consumers. This decides
* whether an unauthenticated request should receive a `401` JSON body (for
* XHR/fetch callers) or a redirect to the appropriate login page (for browser
* navigation). `req.originalUrl` is used instead of `req.path` so the check
* also works when this middleware runs behind a `Router` mount point.
*/
function isApiRequest(req) {
return (
req.originalUrl?.startsWith('/api/') ||
req.xhr ||
req.headers.accept?.includes('application/json')
);
}
/**
* Middleware to require admin authentication.
* Redirects to login page for HTML requests, returns 401 for API requests.
@@ -25,10 +40,7 @@ export function requireAdminAuth(req, res, next) {
const session = token ? validateSession(token) : null;
if (!session || session.type !== 'admin') {
/* Check if this is an API request or page request */
const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
if (isApiRequest) {
if (isApiRequest(req)) {
return res.status(401).json({ message: 'Admin authentication required.' });
}
@@ -49,9 +61,7 @@ export function requireUserAuth(req, res, next) {
const session = token ? validateSession(token) : null;
if (!session || session.type !== 'user') {
const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
if (isApiRequest) {
if (isApiRequest(req)) {
return res.status(401).json({ message: 'User authentication required.' });
}
@@ -71,9 +81,7 @@ export function requireAnyAuth(req, res, next) {
const session = token ? validateSession(token) : null;
if (!session) {
const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
if (isApiRequest) {
if (isApiRequest(req)) {
return res.status(401).json({ message: 'Authentication required.' });
}