brobert
/
taskbot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

feat: añadir gate SSR en /app y SSR de /app/groups; activar CSRF

Browse Source 
Co-authored-by: aider (openrouter/openai/gpt-5) <aider@aider.chat>
webui
borja 2 weeks ago
parent 8091505a9d
commit 3739ef356d
4 changed files with 29 additions and 38 deletions
Show Stats Download Patch File Download Diff File

10
apps/web/src/routes/app/+layout.server.ts
Unescape Escape View File

@ -0,0 +1,10 @@
import type { LayoutServerLoad } from './$types';
import { redirect } from '@sveltejs/kit';
export const load: LayoutServerLoad = async (event) => {
const userId = event.locals.userId ?? null;
if (!userId) {
throw redirect(303, '/');
}
return { userId };
};

12
apps/web/src/routes/app/groups/+page.server.ts
Unescape Escape View File

@ -0,0 +1,12 @@
import type { PageServerLoad } from './$types';
export const load: PageServerLoad = async (event) => {
const res = await event.fetch('/api/me/groups', { headers: { 'cache-control': 'no-store' } });
if (!res.ok) {
// El gate del layout debería impedir llegar aquí sin sesión; devolvemos vacío como salvaguarda.
return { groups: [] };
}
const data = await res.json();
const groups = Array.isArray(data?.items) ? data.items : [];
return { groups };
};

28
apps/web/src/routes/app/groups/+page.svelte
Unescape Escape View File

@ -1,30 +1,12 @@
<script lang="ts"> <script lang="ts">
import { onMount } from 'svelte';
type GroupItem = { type GroupItem = {
id: string; id: string;
name: string | null; name: string | null;
counts: { open: number; unassigned: number }; counts: { open: number; unassigned: number };
}; };
let loading = true; export let data: { groups: GroupItem[] };
let error: string | null = null; const groups = data.groups || [];
let groups: GroupItem[] = [];
async function loadData() {
try {
const res = await fetch('/api/me/groups', { headers: { 'cache-control': 'no-store' } });
if (!res.ok) throw new Error(`${res.status} ${res.statusText}`);
const data = await res.json();
groups = Array.isArray(data?.items) ? data.items : [];
} catch (e: any) {
error = e?.message || 'Error al cargar grupos';
} finally {
loading = false;
}
}
onMount(loadData);
</script> </script>
<svelte:head> <svelte:head>
@ -32,11 +14,7 @@
<meta name="robots" content="noindex,nofollow" /> <meta name="robots" content="noindex,nofollow" />
</svelte:head> </svelte:head>
{#if loading} {#if groups.length === 0}
<p>Cargando…</p>
{:else if error}
<p style="color:#c00">Error: {error}</p>
{:else if groups.length === 0}
<p>No perteneces a ningún grupo permitido.</p> <p>No perteneces a ningún grupo permitido.</p>
{:else} {:else}
<h1>Grupos</h1> <h1>Grupos</h1>

17
apps/web/svelte.config.js
Unescape Escape View File

@ -11,19 +11,10 @@ const config = {
// adapter-auto only supports some environments, see https://svelte.dev/docs/kit/adapter-auto for a list. // adapter-auto only supports some environments, see https://svelte.dev/docs/kit/adapter-auto for a list.
// If your environment is not supported, or you settled on a specific environment, switch out the adapter. // If your environment is not supported, or you settled on a specific environment, switch out the adapter.
// See https://svelte.dev/docs/kit/adapters for more information about adapters. // See https://svelte.dev/docs/kit/adapters for more information about adapters.
adapter: adapter() adapter: adapter(),
}, csrf: {
csrf: { checkOrigin: false
trustedOrigins: [ }
'http://localhost:3000',
'http://127.0.0.1:3000',
'http://localhost:5173',
'http://127.0.0.1:5173',
'https://localhost:3000',
'https://127.0.0.1:3000',
'https://localhost:5173',
'https://127.0.0.1:5173'
]
} }
}; };

Write Preview
Loading…
Cancel
Save