Files
nadir-webui/src/hooks.server.ts
T
2026-06-25 23:11:32 +02:00

60 lines
1.9 KiB
TypeScript

import { type Handle, redirect } from '@sveltejs/kit';
import { sequence } from '@sveltejs/kit/hooks';
import { building, dev } from '$app/environment';
import { auth } from '$lib/auth/server';
import { env } from '$lib/const/schema';
import { getTextDirection } from '$lib/paraglide/runtime';
import { paraglideMiddleware } from '$lib/paraglide/server';
import { svelteKitHandler } from 'better-auth/svelte-kit';
const handleBetterAuth: Handle = async ({ event, resolve }) => {
const session = await auth.api.getSession({
headers: event.request.headers
});
if (session) {
event.locals.session = session.session;
event.locals.user = session.user;
} else if (
!event.url.pathname.startsWith('/auth') &&
!event.url.pathname.startsWith('/api/auth') &&
event.url.pathname !== '/install.sh'
) {
redirect(307, '/auth/sign-in');
}
if (
env.ENABLE_2FA &&
session?.user !== undefined &&
'twoFactorEnabled' in session.user &&
session?.user.twoFactorEnabled !== true &&
!event.url.pathname.startsWith('/auth') &&
!event.url.pathname.startsWith('/api/auth')
)
redirect(307, '/auth/setup-2fa');
if (session?.user && 'twoFactorRedirect' in session.user) redirect(307, '/auth/2fa');
if (dev && env.ORIGIN.startsWith('https:')) event.url.protocol = 'https:';
if (event.url.pathname.startsWith('/admin')) {
const roles = (session?.user?.role ?? '')
.split(',')
.map((r) => r.trim())
.filter(Boolean);
if (!roles.includes('admin')) redirect(307, '/dashboard');
}
return svelteKitHandler({ auth, building, event, resolve });
};
const handleParaglide: Handle = ({ event, resolve }) =>
paraglideMiddleware(event.request, ({ locale, request }) => {
event.request = request;
return resolve(event, {
transformPageChunk: ({ html }) =>
html
.replace('%paraglide.lang%', locale)
.replace('%paraglide.dir%', getTextDirection(locale))
});
});
export const handle: Handle = sequence(handleBetterAuth, handleParaglide);