josedario87
6e739250a0
- Create /api/auth/status endpoint for session verification - Create /api/auth/check-group endpoint for group membership validation - These endpoints read Authentik proxy headers to provide auth state - Required for SessionStatusButton and backend group verification
41 lines
1.0 KiB
TypeScript
41 lines
1.0 KiB
TypeScript
/**
|
|
* Endpoint para verificar membresía de grupo desde el backend
|
|
* Valida contra los headers de Authentik en el servidor
|
|
*/
|
|
export default defineEventHandler(async (event) => {
|
|
// Leer el body de la petición
|
|
const body = await readBody(event)
|
|
const { groupName } = body
|
|
|
|
if (!groupName || typeof groupName !== 'string') {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Group name is required'
|
|
})
|
|
}
|
|
|
|
// Leer headers de Authentik
|
|
const headers = getHeaders(event)
|
|
const authentikGroups = headers['x-authentik-groups']
|
|
|
|
// Si no hay header de grupos, el usuario no está autenticado o no tiene grupos
|
|
if (!authentikGroups) {
|
|
return {
|
|
hasGroup: false,
|
|
groups: []
|
|
}
|
|
}
|
|
|
|
// Parsear los grupos (separados por |)
|
|
const userGroups = authentikGroups.split('|').filter(g => g.trim())
|
|
|
|
// Verificar si el usuario tiene el grupo solicitado
|
|
const hasGroup = userGroups.includes(groupName)
|
|
|
|
return {
|
|
hasGroup,
|
|
groups: userGroups,
|
|
checkedGroup: groupName
|
|
}
|
|
})
|