vegard
70b33d5387
Hvert subdomain har én jobb. Offentlig og internt er separate domener. - synops.no = statisk landingsside + /pub/* + /media/* - ws.synops.no = appen (SvelteKit + /api/* → maskinrommet) - workspace.synops.no → redirect til ws.synops.no (legacy) - Fjernet hostname-sjekker fra hooks.server.ts - Fjernet LandingPage.svelte (landingsside er statisk HTML) - Alle API-URLer peker til 127.0.0.1:3100 (ikke sidelinja.org) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
23 lines
722 B
TypeScript
23 lines
722 B
TypeScript
import { redirect, type Handle } from '@sveltejs/kit';
|
|
import { handle as authHandle } from './auth';
|
|
import { sequence } from '@sveltejs/kit/hooks';
|
|
|
|
/** Protect all routes except /auth/* (OIDC callback paths). */
|
|
const authorizationHandle: Handle = async ({ event, resolve }) => {
|
|
const path = event.url.pathname;
|
|
|
|
// Auth-ruter trenger ikke session-sjekk
|
|
if (path.startsWith('/auth/') || path === '/signin') {
|
|
return resolve(event);
|
|
}
|
|
|
|
const session = await event.locals.auth();
|
|
if (!session?.user) {
|
|
throw redirect(303, '/auth/signin');
|
|
}
|
|
|
|
return resolve(event);
|
|
};
|
|
|
|
// Authentication first (sets up locals.auth), then authorization
|
|
export const handle: Handle = sequence(authHandle, authorizationHandle);
|