innohub/tatort
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hide PIN during Anmeldung and within route guards

Browse Source
This commit is contained in:
Chi Cong Tran
2025-10-01 09:54:21 +02:00
parent e288d768bf
commit 45bcce0fb2
2 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/routes/(token-based)/+layout.server.ts
View File

@@ -1,12 +1,9 @@
import {
vorgangPINValidation,
vorgangExists
} from '$lib/server/vorgangService';
import { vorgangPINValidation, vorgangExists } from '$lib/server/vorgangService';
import { redirect } from '@sveltejs/kit';
import type { PageServerLoad } from './list/[vorgang]/$types';
import { ROUTE_NAMES } from '..';
export const load: PageServerLoad = async ({ params, url, locals }) => {
export const load: PageServerLoad = async ({ params, cookies, locals }) => {
if (locals.user) {
return {
user: locals.user
@@ -14,10 +11,12 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
}
const vorgangToken = params.vorgang;
const vorgangPIN = url.searchParams.get('pin');
const COOKIE_NAME = `token-${vorgangToken}`;
const vorgangPIN = cookies.get(COOKIE_NAME);
const isVorgangValid = vorgangExists(vorgangToken);
const isVorgangPINValid = vorgangPINValidation(vorgangToken, vorgangPIN);
if (!isVorgangValid || !isVorgangPINValid) throw redirect(303, ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgangToken));
if (!isVorgangValid || !isVorgangPINValid)
throw redirect(303, ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgangToken));
};