Update auth guard to check for authentication cookie

rkpasia · rkpasia · commit 0a144f167822 · 2023-05-12T00:06:35.000+02:00
- Prevents 'whoami' validation of session
diff --git a/src/hooks.server.js b/src/hooks.server.js
@@ -7,14 +7,13 @@ export async function handle({ event, resolve }) {
 	}
 
 	// Authentication guard
-	if (event.cookies) {
-		// const token = cookie
-		const whoami = await event.fetch(`${FRACTAL_SERVER_HOST}/auth/whoami`)
-		if (whoami.ok) {
-			return await resolve(event)
-		} else {
-			return new Response(null, { status: 302, headers: { location: '/auth/login' } })
-		}
+	const fastApiUsersAuth = event.cookies.get('fastapiusersauth')
+	if (!fastApiUsersAuth) {
+		return new Response(null, { status: 302, headers: { location: '/auth/login' } })
+	}
+	const whoami = await event.fetch(`${FRACTAL_SERVER_HOST}/auth/whoami`)
+	if (whoami.ok) {
+		return await resolve(event)
 	} else {
 		return new Response(null, { status: 302, headers: { location: '/auth/login' } })
 	}
