Sothis/viabiliza
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT: reintroduzir proteção de acesso à rota /public, garantindo que apenas usuários autenticados possam acessá-la

Browse Source
This commit is contained in:
Gabriel Amancio 2025-10-20 14:49:52 -03:00
parent 0594cebd5a
commit 3ac0a17790
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app.js
View File

@ -55,11 +55,6 @@ function createApp() {
return res.redirect("/login"); return res.redirect("/login");
} }
// monta rotas de autenticação públicas
app.use("/", authRoutes);
// servir /public APENAS quando autenticado
app.use("/public", requireAuth, express.static(path.join(__dirname, "public")));
// proteger demais rotas (ex.: /upload, /consulta) // proteger demais rotas (ex.: /upload, /consulta)
app.use((req, res, next) => { app.use((req, res, next) => {
@ -594,6 +589,9 @@ function createApp() {
// Usa as rotas de autenticação // Usa as rotas de autenticação
app.use("/", authRoutes); app.use("/", authRoutes);
// servir /public APENAS quando autenticado
app.use("/public", requireAuth, express.static(path.join(__dirname, "public")));
// Middleware para proteger rotas // Middleware para proteger rotas
app.use((req, res, next) => { app.use((req, res, next) => {
if (!req.session.user && req.path !== "/login" && !req.path.startsWith("/auth")) { if (!req.session.user && req.path !== "/login" && !req.path.startsWith("/auth")) {