Kingsmai/dticket.tootaio.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(bookings): restrict management to assigned PIC or super admin

Browse Source 
Secure API endpoints with requireBookingManager authorization check
Update confirmation page to prompt for login if unauthorized
Add safe redirect handling to login and guest middleware
This commit is contained in:
xiaomai
2026-05-09 13:28:50 +08:00
parent a56a6706b0
commit cb683d6b3d
11 changed files with 102 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/pages/login/index.vue
View File

@@ -128,6 +128,7 @@ useSeoMeta({
})
const toast = useToast()
const route = useRoute()
const router = useRouter()
const auth = useAuth()
const apiClient = useApiClient()
@@ -141,6 +142,14 @@ const form = reactive({
const passwordPending = ref(false)
const passkeyPending = ref(false)
function getSafeRedirectPath(value: unknown) {
const redirect = Array.isArray(value) ? value[0] : value
return typeof redirect === 'string' && redirect.startsWith('/') && !redirect.startsWith('//')
? redirect
: null
}
function validateLogin(state: typeof form): FormError[] {
const errors: FormError[] = []
@@ -160,7 +169,7 @@ async function finishLogin(user: Awaited<ReturnType<typeof auth.fetchSession>>)
return
}
await router.push(getDefaultAuthenticatedPath(user))
await router.push(getSafeRedirectPath(route.query.redirect) || getDefaultAuthenticatedPath(user))
}
async function onSubmit(event: FormSubmitEvent<typeof form>) {