Wrap Posts route with a private set

2024-10-04 09:51:20 +02:00 · 2024-10-04 09:51:20 +02:00 · 5251a637de
commit 5251a637de
parent 1a12ed6c9c
2 changed files with 17 additions and 13 deletions
--- a/api/src/functions/auth.ts
+++ b/api/src/functions/auth.ts
@ -6,6 +6,20 @@ import type { DbAuthHandlerOptions, UserType } from '@redwoodjs/auth-dbauth-api'
 import { cookieName } from 'src/lib/auth'
 import { db } from 'src/lib/db'

+export const cookie = {
+  attributes: {
+    HttpOnly: true,
+    Path: '/',
+    SameSite: 'Strict',
+    Secure: process.env.NODE_ENV !== 'development',
+
+    // If you need to allow other domains (besides the api side) access to
+    // the dbAuth session cookie:
+    // Domain: 'example.com',
+  },
+  name: cookieName,
+}
+
 export const handler = async (
  event: APIGatewayProxyEvent,
  context: Context
@ -183,19 +197,7 @@ export const handler = async (

    // Specifies attributes on the cookie that dbAuth sets in order to remember
    // who is logged in. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
-    cookie: {
-      attributes: {
-        HttpOnly: true,
-        Path: '/',
-        SameSite: 'Strict',
-        Secure: process.env.NODE_ENV !== 'development',
-
-        // If you need to allow other domains (besides the api side) access to
-        // the dbAuth session cookie:
-        // Domain: 'example.com',
-      },
-      name: cookieName,
-    },
+    cookie,

    forgotPassword: forgotPasswordOptions,
    login: loginOptions,
--- a/web/src/Routes.tsx
+++ b/web/src/Routes.tsx
@ -16,12 +16,14 @@ import { useAuth } from './auth'
 const Routes = () => {
  return (
    <Router useAuth={useAuth}>
+      <PrivateSet unauthenticated="home">
        <Set wrap={ScaffoldLayout} title="Posts" titleTo="posts" buttonLabel="New Post" buttonTo="newPost">
          <Route path="/admin/posts/new" page={PostNewPostPage} name="newPost" />
          <Route path="/admin/posts/{id:Int}/edit" page={PostEditPostPage} name="editPost" />
          <Route path="/admin/posts/{id:Int}" page={PostPostPage} name="post" />
          <Route path="/admin/posts" page={PostPostsPage} name="posts" />
        </Set>
+      </PrivateSet>
      <Route path="/login" page={LoginPage} name="login" />
      <Route path="/signup" page={SignupPage} name="signup" />
      <Route path="/forgot-password" page={ForgotPasswordPage} name="forgotPassword" />