added protected routes

src/app.d.ts

@@ -3,7 +3,9 @@
 declare global {
 	namespace App {
 		// interface Error {}
-		// interface Locals {}
+		interface Locals {
+			user: number | string | null
+		}
 		// interface PageData {}
 		// interface Platform {}
 	}

src/hooks.server.ts

@@ -0,0 +1,23 @@
+import { authenticateUser } from '$lib/server/auth'
+import { redirect, type Handle } from '@sveltejs/kit'
+
+export const handle: Handle = async ({ event, resolve }) => {
+	event.locals.user = await authenticateUser(event)
+
+	const pathname = event.url.pathname
+
+	if (pathname === '/login' || pathname === 'signup') {
+		if (event.locals.user) {
+			throw redirect(303, '/')
+		}
+	}
+
+	if (pathname !== '/login' && pathname !== '/signup') {
+		if (!event.locals.user) {
+			throw redirect(303, '/login')
+		}
+	}
+	const response = await resolve(event)
+
+	return response
+}

src/lib/server/auth.ts

@@ -0,0 +1,37 @@
+import type { RequestEvent } from '@sveltejs/kit'
+import { db } from '$lib/db'
+import { session as sessionSchema } from '$lib/db/schema'
+import { and, eq, gt } from 'drizzle-orm'
+
+export const getUserFromSessionToken = async (token: string) => {
+	const now = new Date()
+	const sessions = await db
+		.select()
+		.from(sessionSchema)
+		.where(
+			and(eq(sessionSchema.token, token), gt(sessionSchema.expiresAt, now)),
+		)
+
+	const session = sessions[0]
+
+	if (!session) {
+		return null
+	}
+	return session.userId
+}
+
+export const authenticateUser = async (event: RequestEvent) => {
+	const { cookies } = event
+	const sessionToken = cookies.get('token')
+
+	if (!sessionToken) {
+		return null
+	}
+
+	console.log(sessionToken)
+
+	const user = await getUserFromSessionToken(sessionToken)
+	console.log(user)
+
+	return user
+}