Merge pull request #181 from msisaifu/route-gurads

Route gurads

src/hooks.server.ts

@@ -1,40 +1,52 @@
+import { redirect } from '@sveltejs/kit'
 import { getUserDetails } from '$lib/stores/authStore'
+import { Authenticate } from '$lib/authentication/authentication'
 import type { Handle } from '@sveltejs/kit'
 
 export const handle: Handle = async ({ event, resolve }) => {
-    const userId = event.url.searchParams.get('userId') || event.cookies.get('userId') || ''
-    let token = event.url.searchParams.get('token') || event.cookies.get('token') || ''
-    let user
-
-    if (event.locals && event.locals.user) {
-        user = event.locals.user.user
-    }
-
-    if (!token || !userId) {
-        return await resolve(event)
-    }
-
-    if (token && userId) {
-        if (!user) {
-            const response = await getUserDetails(token, userId)
-            if (response) {
-                if (response.freshJwt) {
-                    token = response.freshJwt
-                }
-                user = response
-            }
-        }
-
-        event.cookies.set('token', token)
-        event.cookies.set('userId', userId)
-        event.locals.user = {
-            userId,
-            token,
-            user
-        }
-    }
-
-    return await resolve(event)
+	const pathname = event.url.pathname
+	const userId = event.url.searchParams.get('userId') || event.cookies.get('userId') || ''
+	let token = event.url.searchParams.get('token') || event.cookies.get('token') || ''
+	let user
+
+	if (event.locals && event.locals.user) {
+		user = event.locals.user.user
+	}
+
+	if (token && userId) {
+		if (!user) {
+			const response = await getUserDetails(token, userId)
+			if (response) {
+				if (response.freshJwt) {
+					token = response.freshJwt
+				}
+				user = response
+				user.isAdmin = true
+			}
+		}
+
+		event.cookies.set('token', token)
+		event.cookies.set('userId', userId)
+		event.locals.user = {
+			userId,
+			token,
+			user
+		}
+	}
+
+	const user_role = (user && user.isAdmin && 'admin') || '*'
+
+	if (Authenticate(pathname, user_role) || pathname === '/browse' || pathname === '/') {
+		return await resolve(event)
+	}
+	throw redirect(302, '/browse')
+}
+
+export function handleError({ error }) {
+	console.log('error', error)
+	return {
+		message: 'Whoops something wrong!'
+	}
 }
 
 // const isAdminPage = /^\/admin\/(.*)/.test(route.id)

src/lib/authentication/authentication.ts

@@ -0,0 +1,17 @@
+import routes from './routes'
+
+function Authenticate(pathname, user_role) {
+	for (const section in routes) {
+		for (const sub_section in routes[section]) {
+			const route = routes[section][sub_section]
+			const route_access = route['access']
+			const pattern = new RegExp(`^/${section}${route.path}`, 'i')
+			if (pattern.test(pathname + '/') && route_access.includes(user_role)) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+export { Authenticate }

src/lib/authentication/routes.ts

@@ -0,0 +1,41 @@
+const user_contexts = ['*']
+const admin_contexts = ['admin']
+
+const routes = {
+	admin: [
+		{ path: '/admins', access: admin_contexts },
+		{ path: '/channels', access: admin_contexts },
+		{ path: '/fun-facts', access: admin_contexts },
+		{ path: '/fun-facts', access: admin_contexts },
+		{ path: '/legal', access: admin_contexts },
+		{ path: '/settings', access: admin_contexts },
+		{ path: '/users', access: admin_contexts }
+	],
+	browse: [
+		{ path: '/', access: user_contexts },
+		{ path: '/(.*)/$', access: user_contexts }
+	],
+	channel: [
+		{ path: '/', access: user_contexts },
+		{ path: '/(.*)/$', access: user_contexts }
+	],
+	profile: [
+		{ path: '/', access: admin_contexts },
+		{ path: '/(.*)/$', access: admin_contexts }
+	],
+	search: [
+		{ path: '/', access: user_contexts },
+		{ path: '/(.*)/', access: user_contexts }
+	],
+	maintenance: [{ path: '/', access: user_contexts }],
+	settings: [{ path: '/', access: user_contexts }],
+	premium: [{ path: '/', access: admin_contexts }],
+	careers: [{ path: '/', access: user_contexts }],
+	contact: [{ path: '/', access: user_contexts }],
+	videos: [{ path: '/', access: user_contexts }],
+	legal: [{ path: '/', access: user_contexts }],
+	logout: [{ path: '/', access: admin_contexts }],
+	'creator-space': [{ path: '/', access: user_contexts }]
+}
+
+export default routes

src/routes/+layout.svelte

@@ -2,6 +2,7 @@
 	import '$lib/assets/styles/tailwind-output.css'
 	// @ts-ignore
 	import NProgress from 'nprogress'
+	import { goto } from '$app/navigation'
 	import { browser } from '$app/environment'
 	import { navigating } from '$app/stores'
 	import { currentUser } from '$lib/stores/authStore'
@@ -60,6 +61,13 @@
 			}
 		}
 	}
+
+	function logout() {
+		setTimeout(() => {
+			$currentUser = null
+		}, 500)
+		goto('/logout')
+	}
 </script>
 
 <svelte:head>
@@ -168,12 +176,14 @@
 						Mint <span class="badge">New</span>
 					</a>
 				</li>
-				<li>
-					<a href="/premium" class="text-pink-500">
-						<IconDrawerPremium />
-						Premium <span class="badge">New</span>
-					</a>
-				</li>
+				{#if $currentUser}
+					<li>
+						<a href="/premium" class="text-pink-500">
+							<IconDrawerPremium />
+							Premium <span class="badge">New</span>
+						</a>
+					</li>
+				{/if}
 				<li>
 					<a href="/careers">
 						<IconDrawerCareers />
@@ -202,7 +212,7 @@
 				</li>
 				{#if $currentUser}
 					<li>
-						<button>
+						<button on:click={logout}>
 							<IconDrawerLogOut />
 							Log Out</button>
 					</li>

src/routes/admin/admins/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/admin/channels/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/admin/fun-facts/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/admin/legal/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/admin/settings/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/admin/users/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/careers/+page.server.ts

@@ -0,0 +1,10 @@
+import { error } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
+
+export const load = (async ({ params }) => {
+	// const post = null
+	// if (post) {
+	//   return post
+	// }
+	// throw error(404, 'Not found')
+}) satisfies PageServerLoad

src/routes/logout/+page.server.ts

@@ -4,7 +4,6 @@ import type { PageServerLoad } from './$types'
 export const load: PageServerLoad = async ({ cookies }) => {
 	// eat the cookie
 	const cookieItem = ['token', 'userId']
-
 	cookieItem.forEach((item) => {
 		cookies.set(item, '', {
 			path: '/',