- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
/**
 * Route Guard
 *
 * Provides route-level access control and guards.
 */

import { Logger } from '../../core/logger.js';
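/**
 * RouteGuard - Route access control
 *
 * Pairs a name with a guard function and normalises whatever that function
 * returns into an `{ allowed, redirect, reason }` decision object.
 */
export class RouteGuard {
  /**
   * @param {string} name - Label used in log output for this guard.
   * @param {Function} guardFn - Called as `guardFn(to, from, context)`; its
   *   result is awaited, so it may be sync or async.
   */
  constructor(name, guardFn) {
    this.name = name;
    this.guardFn = guardFn;
  }

  /**
   * Create a new RouteGuard
   *
   * @param {string} name - Label used in log output for this guard.
   * @param {Function} guardFn - Guard callback, see the constructor.
   * @returns {RouteGuard}
   */
  static create(name, guardFn) {
    return new RouteGuard(name, guardFn);
  }

  /**
   * Execute guard
   *
   * Result mapping:
   *   - `false` or `null`    -> `allowed: false`
   *   - a string             -> `allowed: true`, `redirect` set to that string
   *   - an object            -> `allowed: true`, `reason` copied from `result.reason`
   *   - anything else, including `undefined` -> `allowed: true`
   *   - guard throws/rejects -> `allowed: false`, `reason` taken from the error
   *
   * NOTE(review): a redirect result and a guard that forgets to return both
   * come back with `allowed: true`. A caller that looks only at `allowed`
   * will let a redirected navigation through, so `redirect` has to be
   * checked as well - confirm the router does this.
   *
   * @param {*} to - Passed through to the guard function unchanged.
   * @param {*} from - Passed through to the guard function unchanged.
   * @param {object} [context={}] - Passed through to the guard function unchanged.
   * @returns {Promise<{allowed: boolean, redirect: (string|null), reason: *}>}
   */
  async execute(to, from, context = {}) {
    try {
      const result = await this.guardFn(to, from, context);

      // `typeof null` is 'object', so null has to be ruled out before reading
      // `.reason`; otherwise a plain "deny" (null) raises a TypeError and is
      // logged as a guard failure.
      const isObjectResult = typeof result === 'object' && result !== null;

      return {
        allowed: result !== false && result !== null,
        redirect: typeof result === 'string' ? result : null,
        reason: isObjectResult && result.reason ? result.reason : null
      };
    } catch (error) {
      Logger.error(`[RouteGuard] Guard "${this.name}" error:`, error);

      // A guard may throw a non-Error value (even null). Reading `.message`
      // unguarded would throw again from inside this handler and the denial
      // below would never be returned.
      const hasMessage = error != null && error.message !== undefined;

      // Fail closed: a guard that errors denies the navigation.
      // NOTE(review): `reason` carries the raw error text; confirm it is not
      // shown to end users verbatim.
      return {
        allowed: false,
        redirect: null,
        reason: hasMessage ? error.message : String(error)
      };
    }
  }
}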
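/**
 * Built-in guards
 *
 * Each guard resolves to `true` to let the navigation proceed, or to a path
 * string to send the user elsewhere. RouteGuard.execute reports a string
 * result as `allowed: true` with `redirect` set, so the caller has to act on
 * `redirect` for these guards to have any effect.
 *
 * NOTE(review): if these guards run in the browser they only steer
 * navigation; the server still has to authorise every request on its own.
 */
export const BuiltInGuards = {
  /**
   * Require authentication
   *
   * Redirects to '/login' when the user is not authenticated.
   */
  auth: RouteGuard.create('auth', async (to, from) => {
    // Check if user is authenticated
    // This would need to be implemented based on your auth system
    const isAuthenticated = checkAuth(); // Placeholder
    if (!isAuthenticated) {
      return '/login';
    }
    return true;
  }),

  /**
   * Require guest (not authenticated)
   *
   * Redirects to '/' when the user is already authenticated.
   */
  guest: RouteGuard.create('guest', async (to, from) => {
    const isAuthenticated = checkAuth(); // Placeholder
    if (isAuthenticated) {
      return '/';
    }
    return true;
  }),

  /**
   * Require specific role
   *
   * @param {*} requiredRole - Role the current user must hold (strict equality).
   * @returns {RouteGuard} Guard that redirects to '/unauthorized' on mismatch.
   */
  role: (requiredRole) => RouteGuard.create('role', async (to, from) => {
    // Fail closed when no role was supplied. Without this check,
    // `role(null)` compares null with the null role of a user who has none
    // and lets everyone through.
    if (requiredRole == null) {
      return '/unauthorized';
    }
    const userRole = getUserRole(); // Placeholder
    if (userRole !== requiredRole) {
      return '/unauthorized';
    }
    return true;
  }),

  /**
   * Require permission
   *
   * @param {*} requiredPermission - Permission handed to checkPermission().
   * @returns {RouteGuard} Guard that redirects to '/unauthorized' when the
   *   permission is missing.
   */
  permission: (requiredPermission) => RouteGuard.create('permission', async (to, from) => {
    // Same fail-closed rule as `role`: a missing requirement (for example a
    // misspelled constant) must never be passed on as a valid permission.
    if (requiredPermission == null) {
      return '/unauthorized';
    }
    const hasPermission = checkPermission(requiredPermission); // Placeholder
    if (!hasPermission) {
      return '/unauthorized';
    }
    return true;
  })
};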
// Placeholder functions (would be implemented based on auth system)
/**
 * Placeholder authentication check.
 *
 * Always reports "not authenticated", so a guard built on it denies access
 * until a real auth system is wired in.
 *
 * @returns {boolean} Currently always `false`.
 */
function checkAuth() {
  // Implementation depends on auth system
  const authenticated = false;
  return authenticated;
}
/**
 * Placeholder role lookup.
 *
 * Always reports "no role" until a real auth system is wired in.
 *
 * @returns {null} Currently always `null`.
 */
function getUserRole() {
  // Implementation depends on auth system
  const currentRole = null;
  return currentRole;
}
/**
 * Placeholder permission check.
 *
 * Ignores its argument and always reports "not granted" until a real auth
 * system is wired in.
 *
 * @param {*} permission - Permission being asked about (currently unused).
 * @returns {boolean} Currently always `false`.
 */
function checkPermission(permission) {
  // Implementation depends on auth system
  const granted = false;
  return granted;
}