ilk

ui/src/router/index.js

@@ -0,0 +1,96 @@
+import { route } from 'quasar/wrappers'
+import { createRouter, createWebHashHistory } from 'vue-router'
+
+import routes from 'src/router/routes.js'
+
+import { useAuthStore } from 'stores/authStore'
+import { usePermissionStore } from 'stores/permissionStore'
+
+
+export default route(function () {
+
+  const router = createRouter({
+    history: createWebHashHistory(),
+    routes
+  })
+
+
+  /* ============================================================
+     🔐 GLOBAL GUARD
+  ============================================================ */
+  router.beforeEach(async (to, from, next) => {
+
+    const auth = useAuthStore()
+    const perm = usePermissionStore()
+
+
+    /* ================= PUBLIC ================= */
+
+    if (to.meta?.public === true) {
+      return next()
+    }
+
+
+    /* ================= LOGIN ================= */
+
+    if (!auth.isAuthenticated) {
+      return next('/login')
+    }
+
+
+    /* ================= PASSWORD ================= */
+
+    if (
+      auth.mustChangePassword &&
+      to.path !== '/first-password-change'
+    ) {
+      return next('/first-password-change')
+    }
+
+
+    /* ================= ADMIN ================= */
+
+    if (auth.isAdmin) {
+      return next()
+    }
+
+
+    /* ================= LOAD PERMS ================= */
+
+    if (!perm.loaded) {
+      try {
+        await perm.fetchPermissions()
+      } catch (e) {
+        console.error('Permission load failed', e)
+      }
+    }
+
+
+    /* ================= CHECK ================= */
+
+    const required = to.meta?.permission
+
+    if (!required) {
+      return next()
+    }
+
+
+    const allowed = perm.hasApiPermission(required)
+
+    if (!allowed) {
+
+      console.warn('⛔ ACCESS DENIED:', {
+        path: to.fullPath,
+        permission: required
+      })
+
+      return next('/unauthorized')
+    }
+
+
+    next()
+  })
+
+
+  return router
+})