ensure inactive users cannot log in and restrict actions for non-admin roles. Fixes #600

Raj Nandan Sharma
2026-02-25 00:01:49 +05:30
parent 35f0adb235
commit caca29d354
3 changed files with 13 additions and 0 deletions
@@ -251,6 +251,9 @@ export const GetLoggedInSession = async (cookies: Cookies): Promise<UserRecordPu
if (!userDB) {
return null;
}
if (!userDB.is_active) {
return null;
}
return userDB;
};
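Review bot: Returning null at `if (!userDB.is_active)` denies this request but leaves the session cookie on the client, so a deactivated user's browser keeps presenting a token that still passes verification and triggers a DB lookup on every request until it expires; consider clearing the cookie alongside the null (the login hunk reads the cookie name from `CookieConfig()`, so the same name and path options should be used here — those options are outside this hunk). Note also that `!userDB.is_active` treats a null or undefined column as inactive, which is the safe default but will lock out any rows that predate the column unless the migration backfills it — worth confirming against the schema change, which is not in this diff. The start of GetLoggedInSession lies outside the hunk.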
@@ -51,6 +51,13 @@ export const actions: Actions = {
return fail(401, { error: "Invalid password or Email", values: { email } });
}
if (!userDB.is_active) {
return fail(403, {
error: "Your account has been deactivated. Please contact an administrator.",
values: { email },
});
}
const token = await GenerateToken(userDB);
const cookieConfig = CookieConfig();
cookies.set(cookieConfig.name, token, {
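Review bot: The new `is_active` check at line 21 runs after the password has been verified and returns a distinct message, so a caller who submits the correct password for a deactivated account learns that the password is valid — exactly what the generic `"Invalid password or Email"` response just above avoids disclosing. If that is unwanted, return the same generic 401 for inactive accounts and log the deactivated-login attempt server-side instead; if the friendlier message is intentional, a comment such as `// deliberately reveals deactivation to a caller who already proved the password` would stop a future reader from "fixing" it. Moving the check before password verification is not the answer either, since it would reveal deactivation to anyone who knows the email, so the ordering here is correct if the message stays. The action's start is outside this hunk.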
@@ -199,6 +199,7 @@ export async function POST({ request, cookies }) {
AdminEditorCan(userDB.role);
resp = await CreateUpdateMonitor(data);
} else if (action == "updateMonitoringData") {
AdminEditorCan(userDB.role);
data.type = GC.MANUAL;
resp = await UpdateMonitoringData(data);
} else if (action == "getMonitors") {
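Review bot: `AdminEditorCan(userDB.role)` at line 34 is called as a bare statement with its result discarded, so it only protects the branch if it throws on a disallowed role; if it instead returns a boolean, the line is a no-op and `UpdateMonitoringData` still runs for every authenticated user. The definition is not in this diff, so I cannot confirm which contract it has — either check the return value and reject the request explicitly, or rename it to something like `assertAdminEditor(userDB.role)` so the throwing behaviour is visible at every call site. The enclosing POST handler starts and ends outside this hunk.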
@@ -291,6 +292,7 @@ export async function POST({ request, cookies }) {
AdminEditorCan(userDB.role);
resp = await UpdateCommentByID(data.incident_id, data.comment_id, data.comment, data.state, data.commented_at);
} else if (action == "testTrigger") {
AdminEditorCan(userDB.role);
const trigger = await GetTriggerByID(data.trigger_id);
const siteData = await GetAllSiteData();
if (!trigger || !siteData) {
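Review bot: The guard at line 42 is the third branch in this handler that this commit patches to add `AdminEditorCan(userDB.role)`, which shows the action dispatch fails open: every mutating `action` must remember to opt in, and any branch that forgets is reachable by a plain authenticated user. Inverting it to default-deny — a `const READ_ONLY_ACTIONS = new Set(["getMonitors", …]);` declared once and `if (!READ_ONLY_ACTIONS.has(action)) AdminEditorCan(userDB.role);` placed before the if/else chain — makes a missed branch fail closed and lets the per-branch calls be removed. The POST handler begins and ends outside this hunk, so the full set of read-only actions is not visible here and would need to be enumerated from the whole function.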
@@ -364,6 +366,7 @@ export async function POST({ request, cookies }) {
throw new Error("Unsupported trigger type for testing");
}
} else if (action == "testMonitor") {
AdminEditorCan(userDB.role);
let monitorID = data.monitor_id;
let monitors = await GetMonitorsParsed({ id: monitorID });
let monitor = monitors[0];