initial commit
This commit is contained in:
Madison Grubb
32
server/utils/authSkipPaths.js
Normal file
32
server/utils/authSkipPaths.js
Normal file
@@ -0,0 +1,32 @@
|
||||
/**
|
||||
* Paths that skip auth middleware (no session required).
|
||||
* Do not add a path here if any handler under it uses requireAuth (with or without role).
|
||||
* When adding a new API route that requires auth, add its path prefix to PROTECTED_PATH_PREFIXES below
|
||||
* so tests can assert it is never skipped.
|
||||
*/
|
||||
export const SKIP_PATHS = [
|
||||
'/api/auth/login',
|
||||
'/api/auth/logout',
|
||||
'/api/auth/config',
|
||||
'/api/auth/oidc/authorize',
|
||||
'/api/auth/oidc/callback',
|
||||
]
|
||||
|
||||
/**
|
||||
* Path prefixes for API routes that require an authenticated user (or role).
|
||||
* Every path in this list must NOT be skipped (skipAuth must return false).
|
||||
* Used by tests to prevent protected routes from being added to SKIP_PATHS.
|
||||
*/
|
||||
export const PROTECTED_PATH_PREFIXES = [
|
||||
'/api/cameras',
|
||||
'/api/devices',
|
||||
'/api/live',
|
||||
'/api/me',
|
||||
'/api/pois',
|
||||
'/api/users',
|
||||
]
|
||||
|
||||
export function skipAuth(path) {
|
||||
if (path.startsWith('/api/health') || path === '/health') return true
|
||||
return SKIP_PATHS.some(p => path === p || path.startsWith(p + '/'))
|
||||
}
|
||||
Reference in New Issue
Block a user