mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

middleware fix wip

Browse Source
This commit is contained in:
Marc Mintel
2026-01-04 23:02:28 +01:00
parent 691e6e2c7e
commit cd3d9ae34f
8 changed files with 74 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/website/lib/auth/AuthFlowRouter.ts
View File

@@ -227,8 +227,11 @@ export function handleAuthFlow(
return { shouldRedirect: false, shouldShowPage: true };
case AuthActionType.SHOW_PERMISSION_ERROR:
const errorUrl = router.getLoginRedirectUrl();
logger.info('[handleAuthFlow] Returning SHOW_PERMISSION_ERROR', { errorUrl });
return { shouldRedirect: true, redirectUrl: errorUrl };
// Redirect to user's home page instead of login (they're already logged in)
const homeUrl = session?.role === 'sponsor' ? routes.sponsor.dashboard :
session?.role === 'admin' ? routes.admin.root :
routes.protected.dashboard;
logger.info('[handleAuthFlow] Returning SHOW_PERMISSION_ERROR, redirecting to home', { homeUrl, userRole: session?.role });
return { shouldRedirect: true, redirectUrl: homeUrl };
}
}

4
apps/website/lib/auth/RouteAccessPolicy.ts
View File

@@ -49,7 +49,9 @@ export class RouteAccessPolicy {
*/
requiredRoles(logicalPathname: string): string[] | null {
// Use catalog's role-based access method
return this.catalog.getRequiredRoles(logicalPathname);
const roles = this.catalog.getRequiredRoles(logicalPathname);
console.log(`[RouteAccessPolicy] requiredRoles for ${logicalPathname}:`, roles);
return roles;
}
/**

15
apps/website/lib/auth/RouteGuard.ts
View File

@@ -4,6 +4,9 @@ import { RouteAccessPolicy } from './RouteAccessPolicy';
import { SessionGateway } from '../gateways/SessionGateway';
import { AuthRedirectBuilder } from './AuthRedirectBuilder';
import type { AuthSessionDTO } from '../types/generated/AuthSessionDTO';
import { ConsoleLogger } from '../infrastructure/logging/ConsoleLogger';
const logger = new ConsoleLogger();
export class RouteGuard {
constructor(
@@ -14,43 +17,55 @@ export class RouteGuard {
) {}
async enforce({ pathname }: { pathname: string }): Promise<void> {
logger.info('[RouteGuard] enforce called', { pathname });
// Step 1: Interpret the pathname
const { logicalPathname } = this.interpreter.interpret(pathname);
logger.info('[RouteGuard] logicalPathname', { logicalPathname });
// Step 2: Check if public non-auth page
if (this.policy.isPublic(logicalPathname) && !this.policy.isAuthPage(logicalPathname)) {
logger.info('[RouteGuard] Public non-auth page, allowing access');
return; // Allow access
}
// Step 3: Handle auth pages
if (this.policy.isAuthPage(logicalPathname)) {
logger.info('[RouteGuard] Auth page detected');
const session = await this.gateway.getSession();
if (session) {
// User is logged in, redirect away from auth page
const redirectPath = this.builder.awayFromAuthPage({ session, currentPathname: pathname });
logger.info('[RouteGuard] Redirecting away from auth page', { redirectPath });
redirect(redirectPath);
}
// No session, allow access to auth page
logger.info('[RouteGuard] No session, allowing access to auth page');
return;
}
// Step 4: Handle protected pages
const session = await this.gateway.getSession();
logger.info('[RouteGuard] Protected page, session', { hasSession: !!session, role: session?.user?.role, sessionData: JSON.stringify(session, null, 2) });
// No session, redirect to login
if (!session) {
const loginPath = this.builder.toLogin({ currentPathname: pathname });
logger.info('[RouteGuard] No session, redirecting to login', { loginPath });
redirect(loginPath);
}
// Check required roles
const reqRoles = this.policy.requiredRoles(logicalPathname);
logger.info('[RouteGuard] Checking required roles', { reqRoles, userRole: session.user?.role });
if (reqRoles && session.user?.role && !reqRoles.includes(session.user.role)) {
const loginPath = this.builder.toLogin({ currentPathname: pathname });
logger.info('[RouteGuard] Role mismatch, redirecting to login', { loginPath, reqRoles, userRole: session.user.role });
redirect(loginPath);
}
// All checks passed, allow access
logger.info('[RouteGuard] All checks passed, allowing access');
return;
}
}