import { db } from '$lib/server/db';
import * as schema from '$lib/server/db/schema';
import { eq } from 'drizzle-orm';
import { redirect, type Handle } from '@sveltejs/kit';
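type HookEvent = Parameters<Handle>[0]['event'];

/**
 * Roles permitted on a protected `/admin` or `/super` path.
 *
 * `/admin/turnos` is open to admins and shift managers; every other `/admin`
 * path and all of `/super` is admin-only.
 */
function allowedRolesFor(path: string): readonly string[] {
	return path.startsWith('/admin/turnos') ? ['admin', 'shift_manager'] : ['admin'];
}

/**
 * Builds the 303 redirect to the login page that carries the original path so
 * the user can be brought back afterwards.
 *
 * `redirectTo` is derived from the request pathname only; the `/login` handler
 * (not visible here) should still validate it before following it.
 */
function loginRedirect(path: string) {
	return redirect(303, `/login?redirectTo=${encodeURIComponent(path)}`);
}

/**
 * Resolves the `session` cookie into `event.locals.user`.
 *
 * - valid, unexpired session: locals.user holds the public user fields
 * - expired session: row deleted, cookie cleared, locals.user stays null
 * - unknown session id: cookie cleared, locals.user stays null
 * - any DB error: logged and swallowed, locals.user stays null (fail closed)
 */
function loadSessionUser(event: HookEvent): void {
	event.locals.user = null;
	const sessionId = event.cookies.get('session');
	if (!sessionId) return;

	try {
		// One round trip: the session row joined with its owning user.
		const result = db
			.select({ session: schema.sessions, user: schema.users })
			.from(schema.sessions)
			.innerJoin(schema.users, eq(schema.sessions.userId, schema.users.id))
			.where(eq(schema.sessions.id, sessionId))
			.get();

		if (!result) {
			// Cookie matches no session; drop it so the browser stops re-sending it.
			event.cookies.delete('session', { path: '/' });
			return;
		}

		const { session, user } = result;
		// NOTE(review): assumes expiresAt compares against Date.now() (epoch ms) — confirm in schema.
		if (session.expiresAt > Date.now()) {
			// Copy only the fields the app needs rather than the whole user row.
			event.locals.user = {
				id: user.id,
				name: user.name,
				username: user.username,
				role: user.role
			};
		} else {
			// Expired: remove the row and the cookie so the id is not presented again.
			db.delete(schema.sessions).where(eq(schema.sessions.id, sessionId)).run();
			event.cookies.delete('session', { path: '/' });
		}
	} catch (err) {
		// Fail closed: a lookup error leaves the request unauthenticated.
		console.error('Error in session auth hook:', err);
	}
}

/**
 * Enforces the access rules for the request path.
 *
 * Throws a SvelteKit 303 redirect when the request must go elsewhere and
 * returns normally when it may proceed. Must run after `loadSessionUser`.
 */
function enforceRouteAccess(event: HookEvent): void {
	const path = event.url.pathname;
	const user = event.locals.user;

	// Plain prefix match: also covers any other path starting with these
	// strings (e.g. `/adminX`), which is the restrictive direction.
	if (path.startsWith('/admin') || path.startsWith('/super')) {
		if (!user) throw loginRedirect(path);
		if (!allowedRolesFor(path).includes(user.role)) {
			// Volunteers have their own area. Any other signed-in user with a
			// disallowed role is sent to /login, which this hook then bounces
			// to / on the next request.
			throw redirect(303, user.role === 'volunteer' ? '/entregas' : '/login');
		}
	}

	if (path.startsWith('/entregas') && !user) {
		throw loginRedirect(path);
	}

	if (path === '/login' && user) {
		throw redirect(303, '/');
	}
}

/**
 * Server hook: authenticates the request from the `session` cookie, applies
 * route protection, then hands the event to SvelteKit.
 *
 * `event.locals.user` is always set (to `null` when not signed in) before
 * any route runs.
 */
export const handle: Handle = async ({ event, resolve }) => {
	loadSessionUser(event);
	enforceRouteAccess(event);
	return resolve(event);
};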