alexei.dolgolyov
1c0a7cb850
Phase 4 — New Widget Types: - Clock/Weather, System Stats, RSS/Feed, Calendar, Markdown, Metric/Counter, Link Group, Camera/Stream widgets - Backend services with caching for each data source - Full creation form with dynamic config fields per type Phase 5 — Visual & Styling Enhancements: - Glassmorphism card style (solid/glass/outline) - Board-level themes with per-board hue/saturation - Animated SVG status rings replacing static dots - Card size options (compact/medium/large) - Custom CSS injection (admin + per-board, sanitized) - Wallpaper backgrounds with blur/overlay/parallax Phase 6 — Functional Features: - Favorites bar with drag-and-drop reordering - Recent apps tracking with privacy toggle - Uptime dashboard page (/status, guest-accessible) - Notifications system (Discord/Slack/Telegram/HTTP webhooks) - App tags with filtering in board view - Multi-URL app cards with expandable sub-links - Personal API tokens with scoped permissions - Audit log with retention and admin viewer Phase 7 — Quality of Life: - Onboarding wizard (5-step first-launch setup) - App URL health preview with favicon/title detection - Board templates (4 built-in + custom import/export) - Keyboard shortcut overlay (j/k nav, 1-9 boards, ? help) 212 files changed, 15641 insertions, 980 deletions. Build, lint, type check, and 222 tests all pass.
47 lines
1.4 KiB
TypeScript
47 lines
1.4 KiB
TypeScript
import { redirect } from '@sveltejs/kit';
|
|
import type { RequestEvent } from '@sveltejs/kit';
|
|
|
|
/**
|
|
* Reusable authentication check helper.
|
|
* Throws a redirect to /login if the user is not authenticated.
|
|
* Returns the authenticated user from event.locals.
|
|
*
|
|
* For API routes, also checks for Bearer token in Authorization header.
|
|
* If a valid API token is found, the user is set from the token's owner.
|
|
*/
|
|
export function requireAuth(event: RequestEvent) {
|
|
const user = event.locals.user;
|
|
if (!user) {
|
|
// For API routes, redirect is not appropriate — but we keep the behavior
|
|
// consistent with the existing codebase. The hooks.server.ts handles
|
|
// API token validation and sets event.locals.user before routes run.
|
|
throw redirect(302, '/login');
|
|
}
|
|
return user;
|
|
}
|
|
|
|
/**
|
|
* Check if the current request has an authenticated user without redirecting.
|
|
*/
|
|
export function isAuthenticated(event: RequestEvent): boolean {
|
|
return event.locals.user !== null;
|
|
}
|
|
|
|
/**
|
|
* Extract Bearer token from Authorization header, if present.
|
|
* Returns the token string or null.
|
|
*/
|
|
export function extractBearerToken(event: RequestEvent): string | null {
|
|
const authHeader = event.request.headers.get('authorization');
|
|
if (!authHeader) {
|
|
return null;
|
|
}
|
|
|
|
const parts = authHeader.split(' ');
|
|
if (parts.length !== 2 || parts[0] !== 'Bearer') {
|
|
return null;
|
|
}
|
|
|
|
return parts[1];
|
|
}
|