barbercollie/ReadMeABook
1
0
Fork 1
mirror of https://github.com/kikootwo/ReadMeABook.git synced 2026-06-03 21:00:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add requireSetupIncompleteOrAdmin and adjust routes

Browse Source 
Introduce a new middleware requireSetupIncompleteOrAdmin that allows unauthenticated access while the setup wizard is in progress but enforces admin authentication once setup is complete. Replace requireSetupIncomplete with the new guard in test-paths, test-abs and test-oidc API routes. Update the front-end hook to use fetchWithAuth for authenticated requests. Revise setup-guard tests to cover the new semantics: shared endpoints now return 401 when setup is complete and no auth is provided, return 403 for authenticated non-admin users, and allow admin access or unauthenticated access during setup/DB-unready conditions; also add jwt verification and user lookup mocks to the tests.
This commit is contained in:
kikootwo
2026-02-09 21:45:37 -05:00
parent 7e53f037af
commit f9947b745e
6 changed files with 116 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/admin/settings/tabs/PathsTab/usePathsSettings.ts
+2 -1
View File
@@ -6,6 +6,7 @@
'use client';
import { useState } from 'react';
import { fetchWithAuth } from '@/lib/utils/api';
import type { PathsSettings, TestResult } from '../../lib/types';
interface UsePathsSettingsProps {
@@ -34,7 +35,7 @@ export function usePathsSettings({ paths, onChange, onValidationChange }: UsePat
setTestResult(null);
try {
const response = await fetch('/api/setup/test-paths', {
const response = await fetchWithAuth('/api/setup/test-paths', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({