sso-core/src/routes/ssoadmin/+layout.server.ts

import { Users } from '$lib/server/users/index.js';
import { hasPrivileges } from '$lib/utils.js';
import { error, redirect } from '@sveltejs/kit';

export const load = async ({ url, locals }) => {
	const userInfo = locals.session.data?.user;
	const currentUser = await Users.getBySession(userInfo);
	if (!userInfo || !currentUser) {
		await locals.session.destroy();
		return redirect(301, `/login?redirectTo=${encodeURIComponent(url.pathname)}`);
	}

	// Only users with 'admin' privilege can access
	const privileges = await Users.getUserPrivileges(currentUser);
	if (!hasPrivileges(privileges, ['admin', 'self:oauth2'])) {
		return error(404, 'Not Found');
	}

	return {
		renderrt: Date.now(),
		user: {
			...userInfo,
			privileges
		}
	};
};
admin stuff 2024-06-01 14:42:08 +03:00			`import { Users } from '$lib/server/users/index.js';`
Invert privilege check logic 2024-06-09 11:42:01 +03:00			`import { hasPrivileges } from '$lib/utils.js';`
admin stuff 2024-06-01 14:42:08 +03:00			`import { error, redirect } from '@sveltejs/kit';`

			`export const load = async ({ url, locals }) => {`
			`const userInfo = locals.session.data?.user;`
			`const currentUser = await Users.getBySession(userInfo);`
			`if (!userInfo \|\| !currentUser) {`
			`await locals.session.destroy();`
			return redirect(301, `/login?redirectTo=${encodeURIComponent(url.pathname)}`);
			`}`

			`// Only users with 'admin' privilege can access`
			`const privileges = await Users.getUserPrivileges(currentUser);`
Invert privilege check logic 2024-06-09 11:42:01 +03:00			`if (!hasPrivileges(privileges, ['admin', 'self:oauth2'])) {`
admin stuff 2024-06-01 14:42:08 +03:00			`return error(404, 'Not Found');`
			`}`

			`return {`
user management mostly done 2024-06-01 18:50:36 +03:00			`renderrt: Date.now(),`
admin stuff 2024-06-01 14:42:08 +03:00			`user: {`
			`...userInfo,`
			`privileges`
			`}`
			`};`
			`};`