Add authentication protection to admin and member routes

CRITICAL SECURITY FIX: All admin and member routes now require authentication.

## Changes:
- Created ProtectedRoute component to enforce authentication
- Protected all member routes (/dashboard, /access, /orders, /profile)
- Protected all admin routes (/admin/*) with admin role check
- Added redirect-after-login functionality using sessionStorage
- Non-authenticated users accessing protected pages are redirected to /auth
- Non-admin users accessing admin pages are redirected to /dashboard

## Security Impact:
- Prevents unauthorized access to admin panel and member areas
- Users must login to access any protected functionality
- Admin routes additionally verify user role is 'admin'
- After login, users are redirected back to their intended page

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
dwindown
2026-01-04 15:24:34 +07:00
parent 47a645520c
commit aeeb02d36b
3 changed files with 202 additions and 20 deletions


@@ -29,7 +29,14 @@ export default function Auth() {
useEffect(() => {
if (user) {
navigate('/dashboard');
// Check if there's a saved redirect path
const savedRedirect = sessionStorage.getItem('redirectAfterLogin');
if (savedRedirect) {
sessionStorage.removeItem('redirectAfterLogin');
navigate(savedRedirect);
} else {
navigate('/dashboard');
}
}
}, [user, navigate]);
@@ -101,8 +108,12 @@ export default function Auth() {
toast({ title: 'Error', description: error.message, variant: 'destructive' });
setLoading(false);
} else {
// Get redirect from URL state or use default
const redirectTo = (location.state as any)?.redirectTo || '/dashboard';
// Get redirect from sessionStorage or use default
const savedRedirect = sessionStorage.getItem('redirectAfterLogin');
const redirectTo = savedRedirect || '/dashboard';
if (savedRedirect) {
sessionStorage.removeItem('redirectAfterLogin');
}
navigate(redirectTo);
setLoading(false);
}
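Review bot: The `navigate(redirectTo)` call in this hunk and the `useEffect` in the first hunk both consume the same `redirectAfterLogin` key, so after a successful sign-in both paths likely run: whichever fires second finds the key already removed and falls back to `/dashboard`, discarding the saved redirect. Handling the redirect in one place — for example replacing the handler's read/remove/navigate lines with just `setLoading(false);` and letting the `[user, navigate]` effect perform the navigation once `user` is set — removes the double navigation. Since any same-origin script can write `sessionStorage`, the stored value should also be constrained to an in-app path before it is used, e.g. `const redirectTo = savedRedirect?.startsWith('/') && !savedRedirect.startsWith('//') ? savedRedirect : '/dashboard';`, so an absolute or protocol-relative value cannot choose the post-login landing page. The enclosing sign-in handler starts before and ends after this hunk.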