From 2821aef5d7fc435982bb89671da4a420472f7a35 Mon Sep 17 00:00:00 2001
From: TZGyn
Date: Mon, 13 Nov 2023 16:41:09 +0800
Subject: [PATCH] added protected routes
---
 src/app.d.ts | 4 +++-
 src/hooks.server.ts | 23 +++++++++++++++++++++++
 src/lib/server/auth.ts | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 src/hooks.server.ts
 create mode 100644 src/lib/server/auth.ts
diff --git a/src/app.d.ts b/src/app.d.ts
index bf6daa3..f32f5c1 100644
--- a/src/app.d.ts
+++ b/src/app.d.ts
@@ -3,7 +3,9 @@
 declare global {
 namespace App {
 // interface Error {}
- // interface Locals {}
+ interface Locals {
+ user: number | string | null
+ }
 // interface PageData {}
 // interface Platform {}
 }
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
new file mode 100644
index 0000000..7024883
--- /dev/null
+++ b/src/hooks.server.ts
@@ -0,0 +1,23 @@
+import { authenticateUser } from '$lib/server/auth'
+import { redirect, type Handle } from '@sveltejs/kit'
+
+export const handle: Handle = async ({ event, resolve }) => {
+ event.locals.user = await authenticateUser(event)
+
+ const pathname = event.url.pathname
+
+ if (pathname === '/login' || pathname === 'signup') {
+ if (event.locals.user) {
+ throw redirect(303, '/')
+ }
+ }
+
+ if (pathname !== '/login' && pathname !== '/signup') {
+ if (!event.locals.user) {
+ throw redirect(303, '/login')
+ }
+ }
+ const response = await resolve(event)
+
+ return response
+}
diff --git a/src/lib/server/auth.ts b/src/lib/server/auth.ts
new file mode 100644
index 0000000..eccdce7
--- /dev/null
+++ b/src/lib/server/auth.ts
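Review bot: In src/app.d.ts, `Locals.user` is declared as `number | string | null`, but the value assigned in hooks.server.ts is whatever `getUserFromSessionToken` returns, i.e. `session.userId` or `null`, so the union is wider than the single column type it carries. Narrowing it to that column's type would spare callers from handling both cases; the schema is not part of this patch, so the exact id type needs confirming there. A comment such as `// userId of the authenticated session, or null when the request has no valid session` would also make clear that this field holds an id, not a user record.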
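Review bot: In src/hooks.server.ts the first guard compares against `'signup'` without the leading slash, so it can never equal `event.url.pathname` and a signed-in user requesting `/signup` is not redirected to `/`; the line should read `if (pathname === '/login' || pathname === '/signup') {`. The second guard spells both paths correctly, so every other route is still denied by default when there is no session, which is the right failure direction. Defining the public paths once, for example `const PUBLIC_PATHS = ['/login', '/signup']`, and testing `PUBLIC_PATHS.includes(pathname)` in both guards would keep the two lists from drifting apart as routes are added.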
@@ -0,0 +1,37 @@
+import type { RequestEvent } from '@sveltejs/kit'
+import { db } from '$lib/db'
+import { session as sessionSchema } from '$lib/db/schema'
+import { and, eq, gt } from 'drizzle-orm'
+
+export const getUserFromSessionToken = async (token: string) => {
+ const now = new Date()
+ const sessions = await db
+ .select()
+ .from(sessionSchema)
+ .where(
+ and(eq(sessionSchema.token, token), gt(sessionSchema.expiresAt, now)),
+ )
+
+ const session = sessions[0]
+
+ if (!session) {
+ return null
+ }
+ return session.userId
+}
+
+export const authenticateUser = async (event: RequestEvent) => {
+ const { cookies } = event
+ const sessionToken = cookies.get('token')
+
+ if (!sessionToken) {
+ return null
+ }
+
+ console.log(sessionToken)
+
+ const user = await getUserFromSessionToken(sessionToken)
+ console.log(user)
+
+ return user
+}
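Review bot: `console.log(sessionToken)` in `authenticateUser` writes the raw session cookie to the server log, and because the `handle` hook in hooks.server.ts calls this function on every request, each live bearer token ends up readable by anyone with log access; both that line and `console.log(user)` should be removed before merge. `getUserFromSessionToken` looks the cookie value up with `eq(sessionSchema.token, token)`, which suggests the token is stored as-is in the session table; if that is the case, storing a hash of the token and comparing hashes would limit what a database read exposes. A one-line comment on the lookup, such as `// Returns the userId of the unexpired session matching token, or null.`, would document the contract that `Locals.user` depends on.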