
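// middleware/checkPageAccess.ts
/**
 * Route middleware that gates navigation on the user's hakAkses page list.
 *
 * Flow: `/` and the public paths pass through; on the server the check is
 * skipped; on the client the user is loaded via `checkAuth()` if needed and
 * the target path is compared (case-insensitively, ignoring one trailing
 * slash) with the list returned by `getAllowedPages()`.
 *
 * Denials fail closed: an unlisted page, an empty page list, or an error while
 * resolving the list all end in a redirect instead of letting the navigation
 * continue.
 *
 * NOTE(review): this is a client-side navigation gate. The server branch
 * returns before any check runs, so this middleware cannot be the only control
 * in front of page data; the endpoints those pages call need their own
 * authorization checks. Confirm that this is the case.
 */
export default defineNuxtRouteMiddleware(async (to, from) => {
  // Paths reachable without any access check. Matching is exact and
  // case-sensitive, so only these literal spellings are exempt.
  const publicPaths = ['/LoginPage', '/auth/login', '/index-legacy'];

  // index.vue (the debug dashboard) is deliberately kept reachable for now.
  if (to.path === '/' || publicPaths.includes(to.path)) {
    return;
  }

  // Server side: skip and let the client run the check. This mirrors auth.ts
  // and avoids SSR failures when the cookie context is missing.
  if (process.server) {
    console.log('⏭️ Server-side: Skipping page access check (will verify on client)');
    return;
  }

  const { user, checkAuth } = useAuth();
  const { getAllowedPages } = useHakAkses();

  // Try to load the user once before deciding they are unauthenticated.
  if (!user.value) {
    await checkAuth();
  }
  if (!user.value) {
    return navigateTo('/LoginPage');
  }

  // Drops a single trailing slash, leaving the bare root path untouched.
  const stripTrailingSlash = (p: string): string =>
    p.endsWith('/') && p.length > 1 ? p.slice(0, -1) : p;

  try {
    const allowedPages = await getAllowedPages();
    const targetPathLower = stripTrailingSlash(to.path).toLowerCase();
    const toPathLower = to.path.toLowerCase();

    // A page is allowed when either the slash-normalized or the raw path
    // matches an allowed entry, ignoring case.
    const isAllowed = allowedPages.some(path => {
      const normalizedAllowedLower = stripTrailingSlash(path).toLowerCase();
      return normalizedAllowedLower === targetPathLower || path.toLowerCase() === toPathLower;
    });
    if (isAllowed) {
      return;
    }

    console.warn(`Access denied to ${to.path}. User allowed pages:`, allowedPages);

    if (allowedPages.length > 0) {
      // Prefer the dashboard when it is allowed, otherwise the first allowed page.
      const dashboardPath = allowedPages.find(p => p === '/' || p === '/dashboard');
      return navigateTo(dashboardPath || allowedPages[0]);
    }

    // Authenticated but no page is configured for this user. Previously this
    // branch fell through and the navigation to the requested page went ahead;
    // send the user to the always-reachable root instead.
    console.error('User has roles but no allowed pages found in configuration.');
    return navigateTo('/');
  } catch (error) {
    console.error('Error checking page access:', error);
    // Fail closed: if the allowed-page list cannot be resolved, do not let the
    // navigation through. The root path is exempt above, so this cannot loop.
    return navigateTo('/');
  }
});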