JetSprow/J-Board-Lite
1
0
Fork 0
mirror of https://github.com/JetSprow/J-Board-Lite.git synced 2026-05-01 01:14:10 +05:30
Code Issues Packages Projects Releases Wiki Activity
Files
58fa4fefa4fe53fc6ced87791e6119f0aacf3654
J-Board-Lite/src/lib/require-auth.ts
JetSprow 58fa4fefa4 fix: harden secrets and session checks
2026-04-29 17:18:36 +10:00

48 lines
1.4 KiB
TypeScript
Raw Blame History

import { getServerSession } from "next-auth";
import { authOptions } from "./auth";
import { prisma } from "./prisma";
import { getActiveSubscriptionRiskRestriction } from "@/services/subscription-risk-review";
export async function getActiveSession() {
const session = await getServerSession(authOptions);
if (!session?.user?.id) return null;
const user = await prisma.user.findUnique({
where: { id: session.user.id },
select: { id: true, email: true, name: true, role: true, status: true },
});
if (!user || user.status !== "ACTIVE") return null;
session.user.id = user.id;
session.user.email = user.email;
session.user.name = user.name;
session.user.role = user.role;
return session;
}
export async function requireAdmin() {
const session = await getActiveSession();
if (!session || session.user.role !== "ADMIN") {
throw new Error("无权限");
}
return session;
}
export async function requireAuth(options: { allowDuringRiskRestriction?: boolean } = {}) {
const session = await getActiveSession();
if (!session) {
throw new Error("未登录");
}
if (session.user.role !== "ADMIN" && !options.allowDuringRiskRestriction) {
const restriction = await getActiveSubscriptionRiskRestriction(session.user.id);
if (restriction) {
throw new Error("账户存在未处理的订阅风控限制,请先新建工单联系客服");
}
}
return session;
}
Reference in New Issue View Git Blame Copy Permalink