Sothis/viabiliza
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT: implementar redirecionamento condicional na rota raiz e aprimorar middleware de autenticação

Browse Source
This commit is contained in:
Gabriel Amancio 2025-10-20 15:57:41 -03:00
parent 3ac0a17790
commit 54497bb7eb
2 changed files with 19 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
app.js
View File

@ -40,20 +40,26 @@ function createApp() {
}) })
); );
// redirect raiz para /login // redirect raiz
app.get("/", (req, res) => { app.get("/", (req, res) => {
if (req.session?.user?.authenticated) {
return res.redirect("/public/index.html");
}
return res.redirect("/login"); return res.redirect("/login");
}); });
// middleware que protege rotas que exigem login // middleware que protege rotas que exigem login
function requireAuth(req, res, next) { function requireAuth(req, res, next) {
if (req.session && req.session.user) return next(); if (req.session?.user?.authenticated) {
// se for chamada XHR, responda 401 em vez de redirect (útil para API) return next();
}
if (req.xhr || req.headers.accept?.includes("application/json")) { if (req.xhr || req.headers.accept?.includes("application/json")) {
return res.status(401).json({ error: "not_authenticated" }); return res.status(401).json({ error: "not_authenticated" });
} }
return res.redirect("/login"); return res.redirect("/login");
} }
// proteger demais rotas (ex.: /upload, /consulta) // proteger demais rotas (ex.: /upload, /consulta)
@ -592,13 +598,6 @@ function createApp() {
// servir /public APENAS quando autenticado // servir /public APENAS quando autenticado
app.use("/public", requireAuth, express.static(path.join(__dirname, "public"))); app.use("/public", requireAuth, express.static(path.join(__dirname, "public")));
// Middleware para proteger rotas
app.use((req, res, next) => {
if (!req.session.user && req.path !== "/login" && !req.path.startsWith("/auth")) {
return res.redirect("/login");
}
next();
});
///////////////////////////////////////////////////// /////////////////////////////////////////////////////

8
routes/authRoutes.js
View File

@ -3,12 +3,10 @@ const { getAuthUrl, getTokenFromCode } = require("../service/authService");
const router = express.Router(); const router = express.Router();
// Rota para iniciar o fluxo de autenticação
router.get("/login", (req, res) => { router.get("/login", (req, res) => {
return res.redirect(getAuthUrl()); return res.redirect(getAuthUrl());
}); });
// Rota de callback após autenticação
router.get("/auth/callback", async (req, res) => { router.get("/auth/callback", async (req, res) => {
console.log("[auth callback] query:", req.query); console.log("[auth callback] query:", req.query);
const code = req.query.code; const code = req.query.code;
@ -21,12 +19,10 @@ router.get("/auth/callback", async (req, res) => {
try { try {
const tokens = await getTokenFromCode(code); const tokens = await getTokenFromCode(code);
// assegura sessão e marca usuário como autenticado // sessão já existe (criada pelo express-session)
if (!req.session) req.session = {};
req.session.tokens = tokens; req.session.tokens = tokens;
req.session.user = { authenticated: true }; // flag simples; adicione info real se quiser req.session.user = { authenticated: true };
// salva session antes do redirect
req.session.save((err) => { req.session.save((err) => {
if (err) { if (err) {
console.error("[auth callback] erro ao salvar sessão:", err); console.error("[auth callback] erro ao salvar sessão:", err);