Commit
•
b9f029b
1
Parent(s):
d975e5d
🛂 Prevent API calls without accepting ethics modal (#174)
Browse files- src/hooks.server.ts +26 -0
src/hooks.server.ts
CHANGED
@@ -6,12 +6,38 @@ import {
|
|
6 |
PUBLIC_DEPRECATED_GOOGLE_ANALYTICS_ID,
|
7 |
} from "$env/static/public";
|
8 |
import { addYears } from "date-fns";
|
|
|
|
|
9 |
|
10 |
export const handle: Handle = async ({ event, resolve }) => {
|
11 |
const token = event.cookies.get(COOKIE_NAME);
|
12 |
|
13 |
event.locals.sessionId = token || crypto.randomUUID();
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
15 |
// Refresh cookie expiration date
|
16 |
event.cookies.set(COOKIE_NAME, event.locals.sessionId, {
|
17 |
path: "/",
|
|
|
6 |
PUBLIC_DEPRECATED_GOOGLE_ANALYTICS_ID,
|
7 |
} from "$env/static/public";
|
8 |
import { addYears } from "date-fns";
|
9 |
+
import { collections } from "$lib/server/database";
|
10 |
+
import { base } from "$app/paths";
|
11 |
|
12 |
export const handle: Handle = async ({ event, resolve }) => {
|
13 |
const token = event.cookies.get(COOKIE_NAME);
|
14 |
|
15 |
event.locals.sessionId = token || crypto.randomUUID();
|
16 |
|
17 |
+
if (event.request.method === "POST" && !event.url.pathname.startsWith(`${base}/settings`)) {
|
18 |
+
const hasAcceptedEthicsModal = await collections.settings.countDocuments({
|
19 |
+
sessionId: event.locals.sessionId,
|
20 |
+
ethicsModalAcceptedAt: { $exists: true },
|
21 |
+
});
|
22 |
+
|
23 |
+
if (!hasAcceptedEthicsModal) {
|
24 |
+
const sendJson =
|
25 |
+
event.request.headers.get("accept")?.includes("application/json") ||
|
26 |
+
event.request.headers.get("content-type")?.includes("application/json");
|
27 |
+
return new Response(
|
28 |
+
sendJson
|
29 |
+
? JSON.stringify({ error: "You need to accept the welcome modal first" })
|
30 |
+
: "You need to accept the welcome modal first",
|
31 |
+
{
|
32 |
+
status: 405,
|
33 |
+
headers: {
|
34 |
+
"content-type": sendJson ? "application/json" : "text/plain",
|
35 |
+
},
|
36 |
+
}
|
37 |
+
);
|
38 |
+
}
|
39 |
+
}
|
40 |
+
|
41 |
// Refresh cookie expiration date
|
42 |
event.cookies.set(COOKIE_NAME, event.locals.sessionId, {
|
43 |
path: "/",
|