feat(bookings): restrict management to assigned PIC or super admin

Secure API endpoints with requireBookingManager authorization check Update confirmation page to prompt for login if unauthorized Add safe redirect handling to login and guest middleware
2026-05-09 13:28:50 +08:00
parent a56a6706b0
commit cb683d6b3d
11 changed files with 102 additions and 13 deletions
--- a/app/middleware/guest.ts
+++ b/app/middleware/guest.ts
@@ -1,6 +1,14 @@
 import { getDefaultAuthenticatedPath } from '~~/shared/auth'

-export default defineNuxtRouteMiddleware(async () => {
+function getSafeRedirectPath(value: unknown) {
+  const redirect = Array.isArray(value) ? value[0] : value
+
+  return typeof redirect === 'string' && redirect.startsWith('/') && !redirect.startsWith('//')
+    ? redirect
+    : null
+}
+
+export default defineNuxtRouteMiddleware(async (to) => {
  const auth = useAuth()
  await auth.fetchSession()

@@ -8,5 +16,5 @@ export default defineNuxtRouteMiddleware(async () => {
    return
  }

-  return navigateTo(getDefaultAuthenticatedPath(auth.user.value))
+  return navigateTo(getSafeRedirectPath(to.query.redirect) || getDefaultAuthenticatedPath(auth.user.value))
 })