- carto.vue : retire bouton Surprise (Alliance seul reste), ajoute isAdmin + deleteFiche + colonne supprimer annuaire
- middleware : /codev/qr exempté d'authentification
- auth.post.ts : détecte mdp admin → pose cookie codev_admin
- DELETE /api/codev/fiches/[id] : vérifie cookie admin avant suppression NocoDB
- GET /api/codev/me : retourne { admin, session }
- nuxt.config.ts : codevAdminPassword ajouté
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import { createHash, timingSafeEqual } from 'node:crypto'
import { z } from 'zod'
/** Upper bound on the submitted password length (zod rejects anything longer). */
const PASSWORD_MAX_LENGTH = 100

/** A single non-empty password string, at most PASSWORD_MAX_LENGTH characters. */
const PasswordField = z.string().min(1).max(PASSWORD_MAX_LENGTH)

/** Request body accepted by POST /api/codev/auth: `{ password }`. */
const AuthSchema = z.object({ password: PasswordField })
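/**
 * Cookie attributes shared by the session and admin cookies: not readable
 * from JS, not sent on cross-site POSTs, HTTPS-only in production, 24h TTL.
 */
const SESSION_COOKIE_OPTIONS = {
  httpOnly: true,
  sameSite: 'lax' as const,
  secure: process.env.NODE_ENV === 'production',
  maxAge: 60 * 60 * 24, // 24h
  path: '/',
}

/**
 * Normalisation applied to both sides before comparing.
 *
 * NOTE(review): trim()+toLowerCase() is pre-existing behaviour and is kept so
 * existing users are not locked out, but it silently weakens the configured
 * secret (every case variant of the password is accepted). Prefer an exact
 * comparison once deployments can be migrated.
 */
function normalizePassword(value: string): string {
  return value.trim().toLowerCase()
}

/**
 * Constant-time check of a submitted password against an expected one.
 *
 * @param candidate - password sent by the client (already schema-validated).
 * @param expected - configured password; `undefined`, a non-string or an
 *   empty string means "no password configured" and always yields `false`
 *   (fail closed).
 * @returns `true` only when the normalised values are identical.
 *
 * Both sides are hashed to a fixed length before `timingSafeEqual`, so neither
 * the length nor the content of the expected password leaks through timing.
 */
function passwordMatches(candidate: string, expected: unknown): boolean {
  if (typeof expected !== 'string' || expected.length === 0) return false
  const candidateDigest = createHash('sha256').update(normalizePassword(candidate)).digest()
  const expectedDigest = createHash('sha256').update(normalizePassword(expected)).digest()
  return timingSafeEqual(candidateDigest, expectedDigest)
}

/**
 * POST /api/codev/auth — shared-password login for the codev area.
 *
 * Reads `{ password }` from the body, compares it with the configured user
 * password (`codevPassword`) and admin password (`codevAdminPassword`), and on
 * success sets the `codev_session` cookie, plus `codev_admin` when the admin
 * password was supplied.
 *
 * @throws 422 when the body does not match AuthSchema.
 * @throws 401 when the password matches neither configured value.
 * @returns `{ status: 200, ok: true, admin }`.
 *
 * SECURITY NOTES (review):
 * - Both cookies carry the constant value 'ok'. Nothing stops a client from
 *   setting `codev_admin=ok` itself (httpOnly only hides the cookie from
 *   page scripts), so any consumer that merely tests for the cookie's
 *   presence or value — the middleware, GET /api/codev/me,
 *   DELETE /api/codev/fiches/[id] — is trusting a forgeable token. The value
 *   should be an HMAC over a server-side secret (or a server-stored session
 *   id) and be verified by every consumer. That change spans those consumers
 *   and is deliberately not made here; until it is, the admin cookie grants
 *   no real protection for fiche deletion.
 * - There is no rate limiting or lockout; a single shared password is
 *   brute-forceable, and the case-insensitive match shrinks the search space.
 * - Fix applied here: the admin password no longer falls back to a
 *   hard-coded 'admin2026'. Previously every deployment that did not set
 *   `codevAdminPassword` had a publicly known admin credential; now admin
 *   login is impossible until the value is configured (fail closed).
 */
export default defineEventHandler(async (event) => {
  const body = await readBody(event)
  const parsed = AuthSchema.safeParse(body)
  if (!parsed.success) {
    throw createError({ statusCode: 422, statusMessage: 'Mot de passe invalide' })
  }

  const config = useRuntimeConfig()
  const candidate = parsed.data.password

  // User password. The 'merci' fallback is pre-existing behaviour kept so
  // unconfigured deployments keep working. NOTE(review): a hard-coded
  // fallback is a default credential; drop it once codevPassword is always set.
  const userExpected = config.codevPassword || 'merci'

  // Admin password: no fallback, see the SECURITY NOTES above.
  const adminExpected = config.codevAdminPassword

  const isAdmin = passwordMatches(candidate, adminExpected)
  const isUser = passwordMatches(candidate, userExpected)

  if (!isAdmin && !isUser) {
    // One message for every failure so the response does not reveal whether
    // an admin password is configured at all.
    throw createError({ statusCode: 401, statusMessage: 'Mauvais mot de passe' })
  }

  // Session cookie for both roles.
  setCookie(event, 'codev_session', 'ok', SESSION_COOKIE_OPTIONS)

  // Admin cookie only when the admin password was supplied.
  if (isAdmin) {
    setCookie(event, 'codev_admin', 'ok', SESSION_COOKIE_OPTIONS)
  }

  return { status: 200, ok: true, admin: isAdmin }
})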