From 3f1ba5a5569b75f89ac4b9daae0ab73f45849295 Mon Sep 17 00:00:00 2001 From: KKlochko Date: Thu, 18 Apr 2024 16:28:12 +0300 Subject: [PATCH] Add the middleware to prevent access to the admin panel if authorized. --- src/main/blog/handlers.cljs | 15 +++++++++++++++ src/main/blog/server.cljs | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/src/main/blog/handlers.cljs b/src/main/blog/handlers.cljs index 37fc7a0..a9f13b4 100644 --- a/src/main/blog/handlers.cljs +++ b/src/main/blog/handlers.cljs @@ -62,6 +62,21 @@ (.redirect res "/") )))) +(defn is-user-authorized + "Middleware to check if user is authorized." + [req res next] + (if (some? (.-user (.-session req))) + (next) + (next (new js/Error "User not authorized!!!")))) + +(defn user-not-authorized-factory + "Middleware to redirect authorized users to a url." + ([url] + (fn [err req res next] + (.redirect res "/login"))) + ([] + (user-not-authorized-factory "/login"))) + (defn admin-panel-handler-factory [client] (fn [req res] diff --git a/src/main/blog/server.cljs b/src/main/blog/server.cljs index 36e43d5..d4b28db 100644 --- a/src/main/blog/server.cljs +++ b/src/main/blog/server.cljs 
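Review bot: `user-not-authorized-factory` accepts `url` but never uses it — the inner handler hard-codes `(.redirect res "/login")`, so the one-argument arity behaves exactly like the default; the redirect should be `(.redirect res url)`. Its docstring also states the opposite of what the function does ("redirect authorized users"); `"Error middleware that redirects unauthorized users to url."` would match the code. As written the 4-arity handler also redirects on every error that reaches `next` on its path, not only the one raised by `is-user-authorized`, so an exception thrown inside an admin handler becomes a redirect to the login page instead of a visible server error; narrowing it, e.g. `(if (= (.-message err) "User not authorized!!!") (.redirect res url) (next err))`, keeps other failures on the normal error path. Whether `(.-session req)` can be nil on these routes (no session middleware mounted) is not visible in the hunk; if it can, `.-user` on nil throws inside `is-user-authorized` itself.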
@@ -77,34 +77,66 @@ (. app get "/admin" + handlers/is-user-authorized (handlers/admin-panel-handler-factory client)) + (. app use "/admin" + (handlers/user-not-authorized-factory)) + (. app post "/htmx/search/articles/" (handlers/htmx-search-articles-handler-factory client)) (. app post "/htmx/articles/" + handlers/is-user-authorized (handlers/htmx-create-article-handler-factory client)) + (. app use "/htmx/articles/" + (handlers/user-not-authorized-factory)) + (. app get "/htmx/articles/:id" (handlers/htmx-get-article-handler-factory client)) (. app post "/htmx/admin/search/articles/" + handlers/is-user-authorized (handlers/htmx-admin-search-articles-handler-factory client)) + (. app use "/htmx/admin/search/articles/" + (handlers/user-not-authorized-factory)) + (. app get "/htmx/admin/rows/article/:id/" + handlers/is-user-authorized (handlers/htmx-get-article-row-handler-factory client)) + (. app use "/htmx/admin/rows/article/:id/" + (handlers/user-not-authorized-factory)) + (. app patch "/htmx/admin/rows/article/:id/" + handlers/is-user-authorized (handlers/htmx-update-article-handler-factory client)) + (. app use "/htmx/admin/rows/article/:id/" + (handlers/user-not-authorized-factory)) + (. app delete "/htmx/admin/rows/article/:id/" + handlers/is-user-authorized (handlers/htmx-delete-article-row-handler-factory client)) + (. app use "/htmx/admin/rows/article/:id/" + (handlers/user-not-authorized-factory)) + (. app get "/htmx/admin/modals/article/content/:id/" + handlers/is-user-authorized (handlers/htmx-get-article-preview-content-handler-factory client)) + (. app use "/htmx/admin/modals/article/content/:id/" + (handlers/user-not-authorized-factory)) + (. app get "/htmx/admin/modals/article/edit-content/:id/" + handlers/is-user-authorized (handlers/htmx-get-article-edit-content-handler-factory client)) + + (. app use "/htmx/admin/modals/article/edit-content/:id/" + (handlers/user-not-authorized-factory)) ) (defn start
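Review bot: If `app` is an Express application (the `(. app get …)`/`(. app use …)` calls suggest it), an error handler registered with `(. app use "/htmx/articles/" (handlers/user-not-authorized-factory))` matches by path prefix, so it also intercepts errors from the unguarded `GET /htmx/articles/:id` route and turns any failure there into a redirect to the login page; the handler mounted on `"/admin"` likewise covers everything beneath that prefix. The same handler is registered three times for `"/htmx/admin/rows/article/:id/"` (after the get, patch and delete routes), and only the first registration can ever run because it ends the response. One registration per distinct prefix, placed after the last route of that prefix — e.g. a single `(. app use "/htmx/admin" (handlers/user-not-authorized-factory))` for the admin fragment routes — would express the same policy without the duplicates and make the prefix matching explicit. The function that registers these routes starts before the hunk.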