mirror of
https://github.com/RayLabsHQ/gitea-mirror.git
synced 2026-03-17 00:31:37 +03:00
46 lines
1.1 KiB
TypeScript
46 lines
1.1 KiB
TypeScript
import type { APIContext } from "astro";
|
|
import { auth } from "@/lib/auth";
|
|
|
|
function unauthorizedResponse() {
|
|
return new Response(
|
|
JSON.stringify({
|
|
success: false,
|
|
error: "Unauthorized",
|
|
}),
|
|
{
|
|
status: 401,
|
|
headers: { "Content-Type": "application/json" },
|
|
}
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Ensures request is authenticated and returns the authenticated user ID.
|
|
* Never trust client-provided userId for authorization decisions.
|
|
*/
|
|
export async function requireAuthenticatedUserId(
|
|
context: Pick<APIContext, "request" | "locals">
|
|
): Promise<{ userId: string } | { response: Response }> {
|
|
const localUserId =
|
|
context.locals?.session?.userId || context.locals?.user?.id;
|
|
|
|
if (localUserId) {
|
|
return { userId: localUserId };
|
|
}
|
|
|
|
let session: Awaited<ReturnType<typeof auth.api.getSession>> | null = null;
|
|
try {
|
|
session = await auth.api.getSession({
|
|
headers: context.request.headers,
|
|
});
|
|
} catch {
|
|
return { response: unauthorizedResponse() };
|
|
}
|
|
|
|
if (!session?.user?.id) {
|
|
return { response: unauthorizedResponse() };
|
|
}
|
|
|
|
return { userId: session.user.id };
|
|
}
|