From 1384d687a7191f14e3e77d62dd22c57d031fc228 Mon Sep 17 00:00:00 2001
From: Bernd Storath <999999bst@gmail.com>
Date: Mon, 5 Aug 2024 16:05:36 +0200
Subject: [PATCH] Fix session middleware
---
src/middleware/session.ts | 6 ------
src/server/middleware/session.ts | 35 ++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 6 deletions(-)
delete mode 100644 src/middleware/session.ts
create mode 100644 src/server/middleware/session.ts
diff --git a/src/middleware/session.ts b/src/middleware/session.ts
deleted file mode 100644
index cd6cfe1c..00000000
--- a/src/middleware/session.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-export default defineNuxtRouteMiddleware(async (to) => {
- // TODO: fix api middleware
- if (REQUIRES_PASSWORD || !to.path.startsWith('/api/')) {
- //return abortNavigation();
- }
-});
diff --git a/src/server/middleware/session.ts b/src/server/middleware/session.ts
new file mode 100644
index 00000000..2b592a25
--- /dev/null
+++ b/src/server/middleware/session.ts
@@ -0,0 +1,35 @@
+export default defineEventHandler(async (event) => {
+ if (event.node.req.url === undefined) {
+ throw createError({
+ status: 400,
+ message: 'Invalid request',
+ });
+ }
+ if (
+ !REQUIRES_PASSWORD ||
+ !event.node.req.url.startsWith('/api/') ||
+ event.node.req.url === '/api/session'
+ ) {
+ return;
+ }
+ const session = await getSession(event, SESSION_CONFIG);
+ if (session.id && session.data.authenticated) {
+ return;
+ }
+
+ const authorization = getHeader(event, 'Authorization');
+ if (event.node.req.url.startsWith('/api/') && authorization) {
+ if (isPasswordValid(authorization)) {
+ return;
+ }
+ throw createError({
+ status: 401,
+ message: 'Incorrect Password',
+ });
+ }
+
+ throw createError({
+ status: 401,
+ message: 'Not logged in',
+ });
+});
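Review bot: The auth gate in the second `if` of the new `src/server/middleware/session.ts` string-matches the raw `event.node.req.url`, which still carries the query string and is not normalized, so any request whose raw string disagrees with how the router resolves the path falls into the early `return` and skips the session check. Consider deciding on the parsed path instead, e.g. `const { pathname } = getRequestURL(event);` with `pathname.startsWith('/api/')` and `pathname === '/api/session'`, and confirm that this agrees with the router's own matching. The second `event.node.req.url.startsWith('/api/') &&` in the Authorization branch is already guaranteed by that early return and can be dropped. Separately, `isPasswordValid(authorization)` is called without `await` and is not defined in this patch: if it returns a Promise the condition is always truthy, so confirm it is synchronous or await it. Since this branch runs a password check on every unauthenticated API request that sends the header, a comment on where attempts are rate-limited would also help.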