Remove client-side token storage and Authorization header injection Backend login now only returns user data, omitting the session token Remove Authorization from backend CORS allowed headers Clean up obsolete VITE_* environment variable fallbacks Update Modal component to use Vue useId() instead of Math.random()
import { api } from '../src/services/api';
/**
 * Route guard for pages that declare access requirements in their route meta.
 *
 * Requirements are gathered from every record in `to.matched`:
 * - `requiresAuth: true`: a successful `api.me()` lookup is required.
 * - `requiresVerified: true`: additionally requires `user.emailVerified`.
 * - `requiredPermission` (string): every declared permission must be held.
 * - `requiredAnyPermission` (array of strings): at least one must be held.
 * Declaring any permission requirement also turns on the verified-email check.
 *
 * Outcomes: no requirement, navigation proceeds; failed lookup or unverified
 * email, redirect to `/login` with the target in `redirect`; missing
 * permission, redirect to `/pokemon`.
 *
 * NOTE(review): this guard only steers navigation. Whether the API enforces
 * the same permissions on its own endpoints is not visible here; confirm it
 * does, since that is where access has to be decided.
 */
export default defineNuxtRouteMiddleware(async (to) => {
  // Meta values of an unexpected type are dropped rather than rejected, so a
  // mistyped declaration (for example an array here) adds no requirement.
  const allOf = to.matched.flatMap((record) => {
    const declared = record.meta.requiredPermission;
    return typeof declared === 'string' ? [declared] : [];
  });

  // NOTE(review): the any-of lists of all matched records are pooled into one
  // list, so a permission taken from a parent's list also satisfies a child's
  // list. Confirm this is the intended semantics for nested routes.
  const anyOf = to.matched.flatMap((record) => {
    const declared = record.meta.requiredAnyPermission;
    if (!Array.isArray(declared)) {
      return [];
    }
    return declared.filter((entry): entry is string => typeof entry === 'string');
  });

  const needsVerifiedEmail =
    allOf.length > 0 || anyOf.length > 0 || to.matched.some((record) => record.meta.requiresVerified === true);
  const needsSession = needsVerifiedEmail || to.matched.some((record) => record.meta.requiresAuth === true);

  // Routes without any declared requirement are not checked at all.
  if (!needsSession) {
    return;
  }

  // NOTE(review): `redirect` carries the requested path to /login. The code
  // that later follows it is not visible here; it should accept only
  // same-origin paths.
  const sendToLogin = () => navigateTo({ path: '/login', query: { redirect: to.fullPath } });

  try {
    // During SSR the incoming request's Cookie header is forwarded to the API
    // call; in the browser no explicit headers are passed (presumably the
    // browser attaches the session cookie itself; confirm in api.me).
    const me = await api.me(import.meta.server ? { headers: useRequestHeaders(['cookie']) } : undefined);
    const account = me.user;

    if (needsVerifiedEmail && !account.emailVerified) {
      return sendToLogin();
    }

    const granted = new Set(account.permissions);
    const missingRequired = !allOf.every((permission) => granted.has(permission));
    const lacksAnyOf = anyOf.length > 0 && !anyOf.some((permission) => granted.has(permission));
    if (missingRequired || lacksAnyOf) {
      return navigateTo('/pokemon');
    }
  } catch {
    // Fail closed: any error from the lookup or from reading its response
    // (network failure, non-2xx, unexpected shape) is treated as "not signed in".
    return sendToLogin();
  }
});