auth splitting

2025-07-26 14:07:18 +02:00
parent a4f4e03cba
commit d2fdeccce3
13 changed files with 87 additions and 69 deletions
--- a/src/pages/api/ai/query.ts
+++ b/src/pages/api/ai/query.ts
@@ -278,7 +278,7 @@ Antworte NUR mit validen JSON. Keine zusätzlichen Erklärungen außerhalb des J
 export const POST: APIRoute = async ({ request }) => {
  try {
    // CONSOLIDATED: Replace 20+ lines with single function call (UNCHANGED)
-    const authResult = await withAPIAuth(request);
+    const authResult = await withAPIAuth(request, 'ai');
    if (!authResult.authenticated) {
      return createAuthErrorResponse();
    }
--- a/src/pages/api/auth/status.ts
+++ b/src/pages/api/auth/status.ts
@@ -1,4 +1,4 @@
-// src/pages/api/auth/status.ts (FIXED - Updated imports and consolidated)
+// src/pages/api/auth/status.ts 
 import type { APIRoute } from 'astro';
 import { withAPIAuth } from '../../../utils/auth.js';
 import { apiResponse, handleAPIRequest } from '../../../utils/api.js';
@@ -7,14 +7,16 @@ export const prerender = false;

 export const GET: APIRoute = async ({ request }) => {
  return await handleAPIRequest(async () => {
-    // CONSOLIDATED: Single function call replaces 35+ lines
-    const authResult = await withAPIAuth(request);
+    const contributionAuth = await withAPIAuth(request, 'contributions');
+    const aiAuth = await withAPIAuth(request, 'ai');
    
    return apiResponse.success({
-      authenticated: authResult.authenticated,
-      authRequired: authResult.authRequired,
-      expires: authResult.session?.exp ? new Date(authResult.session.exp * 1000).toISOString() : null
+      authenticated: contributionAuth.authenticated || aiAuth.authenticated,
+      contributionAuthRequired: contributionAuth.authRequired,
+      aiAuthRequired: aiAuth.authRequired,
+      contributionAuthenticated: contributionAuth.authenticated,
+      aiAuthenticated: aiAuth.authenticated,
+      expires: contributionAuth.session?.exp ? new Date(contributionAuth.session.exp * 1000).toISOString() : null
    });
-    
  }, 'Status check failed');
 };
--- a/src/pages/api/contribute/knowledgebase.ts
+++ b/src/pages/api/contribute/knowledgebase.ts
@@ -84,12 +84,12 @@ function validateKnowledgebaseData(data: KnowledgebaseContributionData): { valid
 export const POST: APIRoute = async ({ request }) => {
  return await handleAPIRequest(async () => {
    // Check authentication
-    const authResult = await withAPIAuth(request);
+    const authResult = await withAPIAuth(request, 'contributions');
    if (authResult.authRequired && !authResult.authenticated) {
      return apiError.unauthorized();
    }

-    const userEmail = authResult.session?.email || 'anonymous@example.com';
+    const userEmail = authResult.session?.email || 'anon@anon.anon';

    // Rate limiting
    if (!checkRateLimit(userEmail)) {
--- a/src/pages/api/contribute/tool.ts
+++ b/src/pages/api/contribute/tool.ts
@@ -127,13 +127,13 @@ async function validateToolData(tool: any, action: string): Promise<{ valid: boo
 export const POST: APIRoute = async ({ request }) => {
  return await handleAPIRequest(async () => {
    // Authentication check
-    const authResult = await withAPIAuth(request);
+    const authResult = await withAPIAuth(request, 'contributions');
    if (authResult.authRequired && !authResult.authenticated) {
      return apiError.unauthorized();
    }

    const userId = authResult.session?.userId || 'anonymous';
-    const userEmail = authResult.session?.email || 'anonymous@example.com';
+    const userEmail = authResult.session?.email || 'anon@anon.anon';

    // Rate limiting
    if (!checkRateLimit(userId)) {
--- a/src/pages/api/upload/media.ts
+++ b/src/pages/api/upload/media.ts
@@ -139,23 +139,19 @@ async function uploadToLocal(file: File, userType: string): Promise<UploadResult
  }
 }

-// POST endpoint for file uploads
 export const POST: APIRoute = async ({ request }) => {
  return await handleAPIRequest(async () => {
-    // Authentication check
-    const authResult = await withAPIAuth(request);
+    const authResult = await withAPIAuth(request, 'contributions');
    if (authResult.authRequired && !authResult.authenticated) {
      return apiError.unauthorized();
    }

-    const userEmail = authResult.session?.email || 'anonymous@example.com';
+    const userEmail = authResult.session?.email || 'anon@anon.anon';

-    // Rate limiting
    if (!checkUploadRateLimit(userEmail)) {
      return apiError.rateLimit('Upload rate limit exceeded. Please wait before uploading again.');
    }

-    // Parse multipart form data
    let formData;
    try {
      formData = await request.formData();
--- a/src/pages/contribute/index.astro
+++ b/src/pages/contribute/index.astro
@@ -6,7 +6,7 @@ import { withAuth } from '../../utils/auth.js'; // Note: .js extension!
 export const prerender = false;

 // CONSOLIDATED: Replace 15+ lines with single function call
-const authResult = await withAuth(Astro);
+const authResult = await withAuth(Astro, 'contributions');
 if (authResult instanceof Response) {
  return authResult; // Redirect to login
 }
--- a/src/pages/contribute/knowledgebase.astro
+++ b/src/pages/contribute/knowledgebase.astro
@@ -7,7 +7,7 @@ import { getToolsData } from '../../utils/dataService.js';
 export const prerender = false;

 // Check authentication
-const authResult = await withAuth(Astro);
+const authResult = await withAuth(Astro, 'contributions');
 if (authResult instanceof Response) {
  return authResult;
 }
--- a/src/pages/contribute/tool.astro
+++ b/src/pages/contribute/tool.astro
@@ -7,7 +7,7 @@ import { getToolsData } from '../../utils/dataService.js';
 export const prerender = false;

 // Check authentication
-const authResult = await withAuth(Astro);
+const authResult = await withAuth(Astro, 'contributions');
 if (authResult instanceof Response) {
  return authResult;
 }
--- a/src/pages/index.astro
+++ b/src/pages/index.astro
@@ -121,15 +121,13 @@ const tools = data.tools;
      return;
    }
    
-    // AI Query Button Handler using consolidated auth system
    if (aiQueryBtn) {
      aiQueryBtn.addEventListener('click', async () => {
-        // Use the global auth system consistently
        if (typeof window.requireClientAuth === 'function') {
-          await window.requireClientAuth(() => switchToView('ai'), `${window.location.pathname}?view=ai`);
+          // ENHANCED: Use AI-specific authentication
+          await window.requireClientAuth(() => switchToView('ai'), `${window.location.pathname}?view=ai`, 'ai');
        } else {
-          // Better fallback logging
-          console.warn('[AUTH] requireClientAuth not available - client-auth.js may not be loaded properly');
+          console.warn('[AUTH] requireClientAuth not available');
          switchToView('ai');
        }
      });