knotbin.com / airport
Graphical PDS migrator for AT Protocol
fork atom

fix auth middleware

knotbin.com 62c04ba0 b8b753ef

options
unified split
Changed files
+6 -17
main.ts
+6 -17
main.ts 
···

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import { App, fsRoutes, staticFiles } from "fresh";


     

       
4

       
4

       
 

       
import { define, type State } from "./utils.ts";


     

       

       
5

       
+

       
import { getSession } from "./lib/sessions.ts";


     

       
5

       
6

       
 

       



     

       
6

       
7

       
 

       
export const app = new App<State>();


     

       
7

       
8

       
 

       



     
···

       
11

       
12

       
 

       
const authMiddleware = define.middleware(async (ctx) => {


     

       
12

       
13

       
 

       
  const url = new URL(ctx.req.url);


     

       
13

       
14

       
 

       
  const needsAuth = url.pathname.startsWith("/migrate");


     

       
14

       

       
-

       
  


     

       

       
15

       
+

       



     

       
15

       
16

       
 

       
  // Skip auth check if not a protected route


     

       
16

       
17

       
 

       
  if (!needsAuth || url.pathname === "/login" || url.pathname.startsWith("/api/")) {


     

       
17

       
18

       
 

       
    return ctx.next();


     

       
18

       
19

       
 

       
  }


     

       
19

       
20

       
 

       



     

       
20

       
21

       
 

       
  try {


     

       
21

       

       
-

       
    const me = await fetch(`${url.origin}/api/me`, {


     

       
22

       

       
-

       
      credentials: "include",


     

       
23

       

       
-

       
      headers: {


     

       
24

       

       
-

       
        "Cookie": ctx.req.headers.get("cookie") || ""


     

       
25

       

       
-

       
      }


     

       
26

       

       
-

       
    });


     

       
27

       

       
-

       
    


     

       
28

       

       
-

       
    console.log("[auth] /api/me response:", {


     

       
29

       

       
-

       
      status: me.status,


     

       
30

       

       
-

       
      statusText: me.statusText,


     

       
31

       

       
-

       
      headers: Object.fromEntries(me.headers.entries())


     

       
32

       

       
-

       
    });


     

       

       
22

       
+

       
    const session = await getSession(ctx.req)


     

       
33

       
23

       
 

       



     

       
34

       

       
-

       
    const json = await me.json();


     

       
35

       

       
-

       
    console.log("[auth] /api/me response data:", json);


     

       

       
24

       
+

       
    console.log("[auth] Session:", session);


     

       
36

       
25

       
 

       



     

       
37

       

       
-

       
    const isAuthenticated = json && typeof json === 'object' && json.did;


     

       

       
26

       
+

       
    const isAuthenticated = session !== null && session.did !== null;


     

       
38

       
27

       
 

       
    ctx.state.auth = isAuthenticated;


     

       
39

       

       
-

       
    


     

       

       
28

       
+

       



     

       
40

       
29

       
 

       
    if (!isAuthenticated) {


     

       
41

       
30

       
 

       
      console.log("[auth] Authentication required but not authenticated");


     

       
42

       
31

       
 

       
      return ctx.redirect("/login");