barbercollie/ReadMeABook
1
0
Fork 1
mirror of https://github.com/kikootwo/ReadMeABook.git synced 2026-06-03 12:50:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add requireSetupIncompleteOrAdmin and adjust routes

Browse Source 
Introduce a new middleware requireSetupIncompleteOrAdmin that allows unauthenticated access while the setup wizard is in progress but enforces admin authentication once setup is complete. Replace requireSetupIncomplete with the new guard in test-paths, test-abs and test-oidc API routes. Update the front-end hook to use fetchWithAuth for authenticated requests. Revise setup-guard tests to cover the new semantics: shared endpoints now return 401 when setup is complete and no auth is provided, return 403 for authenticated non-admin users, and allow admin access or unauthenticated access during setup/DB-unready conditions; also add jwt verification and user lookup mocks to the tests.
This commit is contained in:
kikootwo
2026-02-09 21:45:37 -05:00
parent 7e53f037af
commit f9947b745e
6 changed files with 116 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/admin/settings/tabs/PathsTab/usePathsSettings.ts
+2 -1
View File
@@ -6,6 +6,7 @@
'use client';
import { useState } from 'react';
import { fetchWithAuth } from '@/lib/utils/api';
import type { PathsSettings, TestResult } from '../../lib/types';
interface UsePathsSettingsProps {
@@ -34,7 +35,7 @@ export function usePathsSettings({ paths, onChange, onValidationChange }: UsePat
setTestResult(null);
try {
const response = await fetch('/api/setup/test-paths', {
const response = await fetchWithAuth('/api/setup/test-paths', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
src/app/api/setup/test-abs/route.ts
+2 -2
View File
@@ -4,10 +4,10 @@
*/
import { NextRequest, NextResponse } from 'next/server';
import { requireSetupIncomplete } from '@/lib/middleware/auth';
import { requireSetupIncompleteOrAdmin } from '@/lib/middleware/auth';
export async function POST(request: NextRequest) {
return requireSetupIncomplete(request, async (req) => {
return requireSetupIncompleteOrAdmin(request, async (req) => {
try {
const { serverUrl, apiToken } = await req.json();
src/app/api/setup/test-oidc/route.ts
+2 -2
View File
@@ -5,13 +5,13 @@
import { NextRequest, NextResponse } from 'next/server';
import { Issuer } from 'openid-client';
import { requireSetupIncomplete } from '@/lib/middleware/auth';
import { requireSetupIncompleteOrAdmin } from '@/lib/middleware/auth';
import { RMABLogger } from '@/lib/utils/logger';
const logger = RMABLogger.create('API.Setup.TestOIDC');
export async function POST(request: NextRequest) {
return requireSetupIncomplete(request, async (req) => {
return requireSetupIncompleteOrAdmin(request, async (req) => {
try {
const body = await req.json();
const { issuerUrl, clientId, clientSecret } = body;
src/app/api/setup/test-paths/route.ts
+2 -2
View File
@@ -6,7 +6,7 @@
import { NextRequest, NextResponse } from 'next/server';
import fs from 'fs/promises';
import path from 'path';
import { requireSetupIncomplete } from '@/lib/middleware/auth';
import { requireSetupIncompleteOrAdmin } from '@/lib/middleware/auth';
import { RMABLogger } from '@/lib/utils/logger';
import { validateTemplate, generateMockPreviews } from '@/lib/utils/path-template.util';
@@ -46,7 +46,7 @@ async function testPath(dirPath: string): Promise<boolean> {
}
export async function POST(request: NextRequest) {
return requireSetupIncomplete(request, async (req) => {
return requireSetupIncompleteOrAdmin(request, async (req) => {
try {
const { downloadDir, mediaDir, audiobookPathTemplate } = await req.json();