adding back oidc

2025-12-19 05:10:54 -06:00 · 2025-06-25 00:44:18 +02:00
parent 82d98d8158
commit 882583b4a6
27 changed files with 1017 additions and 834 deletions
--- a/web/src/routes/+layout.ts
+++ b/web/src/routes/+layout.ts
@@ -1,7 +1,5 @@
 import { goto } from "$app/navigation";
-import { logout, profileClient, useClient } from "$lib/api";
-import { UserService } from "$lib/gen/mantrae/v1/user_pb";
-import { token } from "$lib/stores/common";
+import { profileClient, userClient } from "$lib/api";
 import { profile } from "$lib/stores/profile";
 import { user } from "$lib/stores/user";
 import type { LayoutLoad } from "./$types";
@@ -14,45 +12,78 @@ const isPublicRoute = (path: string) => {
 	return path.startsWith("/login") || path === "/login";
 };

-export const load: LayoutLoad = async ({ url, fetch }) => {
-	// Case 1: No token and accessing protected route
-	if (!token.value && !isPublicRoute(url.pathname)) {
-		await goto("/login/");
-		user.clear();
-		return;
-	}
+export const load: LayoutLoad = async ({ url }) => {
+	const currentPath = url.pathname;
+	const isPublic = isPublicRoute(currentPath);

-	// If we have a token, verify it
-	if (token.value) {
-		try {
-			const client = useClient(UserService, fetch);
-			const verified = await client.verifyJWT({ token: token.value });
-			if (!verified.user) {
-				throw new Error("Invalid token");
-			}
+	try {
+		const verified = await userClient.verifyJWT({});
+
+		if (verified.user) {
 			user.value = verified.user;
+
+			// Update profile if not set
 			if (!profile.id) {
 				const response = await profileClient.listProfiles({});
 				profile.value = response.profiles[0];
 			}

-			// Redirect to home if trying to access login page while authenticated
-			if (isPublicRoute(url.pathname) && user.isLoggedIn()) {
+			if (isPublic) {
+				// Authenticated user trying to access login page - redirect to home
 				await goto("/");
+				return;
 			}
 			return;
-		} catch (error) {
-			// Token verification failed, clean up
-			logout();
-			user.clear();
-			throw new Error("Token verification failed: " + error);
+		} else {
+			throw new Error("Authentication failed");
 		}
+	} catch (_) {
+		user.clear();
+		if (!isPublic) {
+			await goto("/login");
+		}
+		return;
 	}
-
-	// No token and trying to access protected route
-	if (!isPublicRoute) {
-		await goto("/login");
-	}
-
-	return;
 };
+
+// export const load: LayoutLoad = async ({ url }) => {
+// 	// Case 1: No token and accessing protected route
+// 	if (!token.value && !isPublicRoute(url.pathname)) {
+// 		await goto("/login/");
+// 		user.clear();
+// 		return;
+// 	}
+//
+// 	// If we have a token, verify it
+// 	if (token.value) {
+// 		try {
+// 			const verified = await userClient.verifyJWT({});
+// 			if (!verified.user) {
+// 				throw new Error("Invalid token");
+// 			}
+// 			user.value = verified.user;
+// 			if (!profile.id) {
+// 				const response = await profileClient.listProfiles({});
+// 				profile.value = response.profiles[0];
+// 			}
+//
+// 			// Redirect to home if trying to access login page while authenticated
+// 			if (isPublicRoute(url.pathname) && user.isLoggedIn()) {
+// 				await goto("/");
+// 			}
+// 			return;
+// 		} catch (error) {
+// 			// Token verification failed, clean up
+// 			logout();
+// 			user.clear();
+// 			throw new Error("Token verification failed: " + error);
+// 		}
+// 	}
+//
+// 	// No token and trying to access protected route
+// 	if (!isPublicRoute) {
+// 		await goto("/login");
+// 	}
+//
+// 	return;
+// };