import {Middleware} from '../../http/routing/Middleware'
import {Inject, Injectable} from '../../di'
import {SecurityContext} from '../context/SecurityContext'
import {ResponseObject} from '../../http/routing/Route'
import {error} from '../../http/response/ErrorResponseFactory'
import {NotAuthorizedError} from '../NotAuthorizedError'
import {HTTPStatus} from '../../util'
import {redirect} from '../../http/response/RedirectResponseFactory'
import {Routing} from '../../service/Routing'
import {Session} from '../../http/session/Session'
// TODO handle JSON and non-web
/**
 * Route middleware that blocks requests which have no user in the
 * security context.
 *
 * When no user is present, the requested URL is saved in the session under
 * `@extollo:auth.intention` and the request is answered with either a
 * redirect to the `@auth:login` named route (when one is registered) or a
 * `NotAuthorizedError` error response. When a user is present, `apply()`
 * produces no response of its own.
 *
 * The same redirect is issued for every kind of request; nothing here
 * distinguishes JSON/API clients from browser navigation.
 */
@Injectable()
export class AuthRequiredMiddleware extends Middleware {
    /** Security context asked whether the current request has a user. */
    @Inject()
    protected readonly security!: SecurityContext

    /** Routing service used to look up the `@auth:login` named route. */
    @Inject()
    protected readonly routing!: Routing

    /** Session in which the pre-login destination is remembered. */
    @Inject()
    protected readonly session!: Session

    /**
     * Reject the request unless the security context has a user.
     *
     * @returns a redirect to the login route, or an error response carrying
     * `HTTPStatus.FORBIDDEN`, when there is no user; otherwise nothing.
     */
    async apply(): Promise<ResponseObject> {
        const loginRouteName = '@auth:login'

        if ( !this.security.hasUser() ) {
            // Remember where the client was heading. The value is taken
            // straight from the incoming request, so it is client-controlled.
            // NOTE(review): whatever reads '@extollo:auth.intention' after
            // login is not visible here; confirm it only redirects to
            // same-origin paths so this cannot be used as an open redirect.
            // It is written even on the branch that returns the error response.
            this.session.set('@extollo:auth.intention', this.request.url)

            // NOTE(review): the fallback uses HTTPStatus.FORBIDDEN for a
            // request that is unauthenticated rather than unauthorized;
            // confirm that clients are not expected to tell the two apart.
            return this.routing.hasNamedRoute(loginRouteName)
                ? redirect(this.routing.getNamedPath(loginRouteName).toRemote)
                : error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
        }
    }
}