Add the middleware to prevent access to the admin panel if authorized.

1 year ago · 3f1ba5a556
parent d70f03aee4
commit 3f1ba5a556
2 changed files with 47 additions and 0 deletions
--- a/src/main/blog/handlers.cljs
+++ b/src/main/blog/handlers.cljs
@ -62,6 +62,21 @@
        (.redirect res "/")
      ))))

+(defn is-user-authorized
+  "Middleware to check if user is authorized."
+  [req res next]
+  (if (some? (.-user (.-session req)))
+    (next)
+    (next (new js/Error "User not authorized!!!"))))
+
+(defn user-not-authorized-factory
+  "Middleware to redirect authorized users to a url."
+  ([url]
+   (fn [err req res next]
+     (.redirect res "/login")))
+  ([]
+   (user-not-authorized-factory "/login")))
+
 (defn admin-panel-handler-factory
  [client]
  (fn [req res]
--- a/src/main/blog/server.cljs
+++ b/src/main/blog/server.cljs
@ -77,34 +77,66 @@


  (. app get "/admin"
+     handlers/is-user-authorized
     (handlers/admin-panel-handler-factory client))

+  (. app use "/admin"
+     (handlers/user-not-authorized-factory))
+
  (. app post "/htmx/search/articles/"
     (handlers/htmx-search-articles-handler-factory client))

  (. app post "/htmx/articles/"
+     handlers/is-user-authorized
     (handlers/htmx-create-article-handler-factory client))

+  (. app use "/htmx/articles/"
+     (handlers/user-not-authorized-factory))
+
  (. app get "/htmx/articles/:id"
     (handlers/htmx-get-article-handler-factory client))

  (. app post "/htmx/admin/search/articles/"
+     handlers/is-user-authorized
     (handlers/htmx-admin-search-articles-handler-factory client))

+  (. app use "/htmx/admin/search/articles/"
+     (handlers/user-not-authorized-factory))
+
  (. app get "/htmx/admin/rows/article/:id/"
+     handlers/is-user-authorized
     (handlers/htmx-get-article-row-handler-factory client))

+  (. app use "/htmx/admin/rows/article/:id/"
+     (handlers/user-not-authorized-factory))
+
  (. app patch "/htmx/admin/rows/article/:id/"
+     handlers/is-user-authorized
     (handlers/htmx-update-article-handler-factory client))

+  (. app use "/htmx/admin/rows/article/:id/"
+     (handlers/user-not-authorized-factory))
+
  (. app delete "/htmx/admin/rows/article/:id/"
+     handlers/is-user-authorized
     (handlers/htmx-delete-article-row-handler-factory client))

+  (. app use "/htmx/admin/rows/article/:id/"
+     (handlers/user-not-authorized-factory))
+
  (. app get "/htmx/admin/modals/article/content/:id/"
+     handlers/is-user-authorized
     (handlers/htmx-get-article-preview-content-handler-factory client))

+  (. app use "/htmx/admin/modals/article/content/:id/"
+     (handlers/user-not-authorized-factory))
+
  (. app get "/htmx/admin/modals/article/edit-content/:id/"
+     handlers/is-user-authorized
     (handlers/htmx-get-article-edit-content-handler-factory client))
+
+  (. app use "/htmx/admin/modals/article/edit-content/:id/"
+     (handlers/user-not-authorized-factory))
  )

 (defn start