hardening
+34
-13
@@ -2,7 +2,13 @@
|
||||
|
||||
import { useEffect, useState } from 'react'
|
||||
import { useRouter } from 'next/navigation'
|
||||
import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
|
||||
import {
|
||||
authFetchOrThrow,
|
||||
ForbiddenError,
|
||||
getApiBase,
|
||||
getToken,
|
||||
UnauthorizedError,
|
||||
} from '../lib/auth'
|
||||
import AdminShell from '../ui/AdminShell'
|
||||
|
||||
type AdminUser = {
|
||||
@@ -29,17 +35,8 @@ export default function UsersPage() {
|
||||
const loadUsers = async () => {
|
||||
try {
|
||||
const baseUrl = getApiBase()
|
||||
const response = await authFetch(`${baseUrl}/admin/users`)
|
||||
const response = await authFetchOrThrow(`${baseUrl}/admin/users`)
|
||||
if (!response.ok) {
|
||||
if (response.status === 401) {
|
||||
clearToken()
|
||||
router.push('/login')
|
||||
return
|
||||
}
|
||||
if (response.status === 403) {
|
||||
router.push('/')
|
||||
return
|
||||
}
|
||||
throw new Error('Could not load users.')
|
||||
}
|
||||
const data = await response.json()
|
||||
@@ -58,6 +55,14 @@ export default function UsersPage() {
|
||||
}
|
||||
setError(null)
|
||||
} catch (err) {
|
||||
if (err instanceof UnauthorizedError) {
|
||||
router.push('/login')
|
||||
return
|
||||
}
|
||||
if (err instanceof ForbiddenError) {
|
||||
router.push('/')
|
||||
return
|
||||
}
|
||||
console.error(err)
|
||||
setError('Could not load user list.')
|
||||
} finally {
|
||||
@@ -68,7 +73,7 @@ export default function UsersPage() {
|
||||
const toggleUserBlock = async (username: string, blocked: boolean) => {
|
||||
try {
|
||||
const baseUrl = getApiBase()
|
||||
const response = await authFetch(
|
||||
const response = await authFetchOrThrow(
|
||||
`${baseUrl}/admin/users/${encodeURIComponent(username)}/${blocked ? 'block' : 'unblock'}`,
|
||||
{ method: 'POST' }
|
||||
)
|
||||
@@ -77,6 +82,14 @@ export default function UsersPage() {
|
||||
}
|
||||
await loadUsers()
|
||||
} catch (err) {
|
||||
if (err instanceof UnauthorizedError) {
|
||||
router.push('/login')
|
||||
return
|
||||
}
|
||||
if (err instanceof ForbiddenError) {
|
||||
router.push('/')
|
||||
return
|
||||
}
|
||||
console.error(err)
|
||||
setError('Could not update user access.')
|
||||
}
|
||||
@@ -85,7 +98,7 @@ export default function UsersPage() {
|
||||
const updateUserRole = async (username: string, role: string) => {
|
||||
try {
|
||||
const baseUrl = getApiBase()
|
||||
const response = await authFetch(
|
||||
const response = await authFetchOrThrow(
|
||||
`${baseUrl}/admin/users/${encodeURIComponent(username)}/role`,
|
||||
{
|
||||
method: 'POST',
|
||||
@@ -98,6 +111,14 @@ export default function UsersPage() {
|
||||
}
|
||||
await loadUsers()
|
||||
} catch (err) {
|
||||
if (err instanceof UnauthorizedError) {
|
||||
router.push('/login')
|
||||
return
|
||||
}
|
||||
if (err instanceof ForbiddenError) {
|
||||
router.push('/')
|
||||
return
|
||||
}
|
||||
console.error(err)
|
||||
setError('Could not update user role.')
|
||||
}
|
||||
|
||||
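Review bot: The new `UnauthorizedError` branch in the `loadUsers` catch only calls `router.push('/login')`, whereas the 401 path it replaces also called `clearToken()`, and the first hunk drops that import. Nothing visible here shows `authFetchOrThrow` discarding the rejected token before it throws, so the token may stay in client storage after the server has refused it, and a login page that checks `getToken()` could send the user straight back. Either confirm and document that behaviour in `../lib/auth`, or keep `clearToken()` ahead of the redirect; the same applies to the identical catch blocks in `toggleUserBlock` and `updateUserRole`. Because the eight-line 401/403 handling is now repeated three times, a small helper local to `UsersPage` would keep that decision in one place. These catch blocks belong to functions whose bodies start outside their hunks.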