mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
606b64cec754baaf58ff4b0d76b3e7dbee24658a
gridpilot.gg/apps/website/lib/auth/RouteGuard.ts
Marc Mintel cd3d9ae34f middleware fix wip
2026-01-04 23:02:28 +01:00

72 lines
3.0 KiB
TypeScript
Raw Blame History

import { redirect } from 'next/navigation';
import { PathnameInterpreter } from './PathnameInterpreter';
import { RouteAccessPolicy } from './RouteAccessPolicy';
import { SessionGateway } from '../gateways/SessionGateway';
import { AuthRedirectBuilder } from './AuthRedirectBuilder';
import type { AuthSessionDTO } from '../types/generated/AuthSessionDTO';
import { ConsoleLogger } from '../infrastructure/logging/ConsoleLogger';
const logger = new ConsoleLogger();
export class RouteGuard {
constructor(
private readonly interpreter: PathnameInterpreter,
private readonly policy: RouteAccessPolicy,
private readonly gateway: SessionGateway,
private readonly builder: AuthRedirectBuilder
) {}
async enforce({ pathname }: { pathname: string }): Promise<void> {
logger.info('[RouteGuard] enforce called', { pathname });
// Step 1: Interpret the pathname
const { logicalPathname } = this.interpreter.interpret(pathname);
logger.info('[RouteGuard] logicalPathname', { logicalPathname });
// Step 2: Check if public non-auth page
if (this.policy.isPublic(logicalPathname) && !this.policy.isAuthPage(logicalPathname)) {
logger.info('[RouteGuard] Public non-auth page, allowing access');
return; // Allow access
}
// Step 3: Handle auth pages
if (this.policy.isAuthPage(logicalPathname)) {
logger.info('[RouteGuard] Auth page detected');
const session = await this.gateway.getSession();
if (session) {
// User is logged in, redirect away from auth page
const redirectPath = this.builder.awayFromAuthPage({ session, currentPathname: pathname });
logger.info('[RouteGuard] Redirecting away from auth page', { redirectPath });
redirect(redirectPath);
}
// No session, allow access to auth page
logger.info('[RouteGuard] No session, allowing access to auth page');
return;
}
// Step 4: Handle protected pages
const session = await this.gateway.getSession();
logger.info('[RouteGuard] Protected page, session', { hasSession: !!session, role: session?.user?.role, sessionData: JSON.stringify(session, null, 2) });
// No session, redirect to login
if (!session) {
const loginPath = this.builder.toLogin({ currentPathname: pathname });
logger.info('[RouteGuard] No session, redirecting to login', { loginPath });
redirect(loginPath);
}
// Check required roles
const reqRoles = this.policy.requiredRoles(logicalPathname);
logger.info('[RouteGuard] Checking required roles', { reqRoles, userRole: session.user?.role });
if (reqRoles && session.user?.role && !reqRoles.includes(session.user.role)) {
const loginPath = this.builder.toLogin({ currentPathname: pathname });
logger.info('[RouteGuard] Role mismatch, redirecting to login', { loginPath, reqRoles, userRole: session.user.role });
redirect(loginPath);
}
// All checks passed, allow access
logger.info('[RouteGuard] All checks passed, allowing access');
return;
}
}
Reference in New Issue View Git Blame Copy Permalink