Initial commit - realms platform
This commit is contained in:
doomtube
parent
c590ab6d18
commit
c717c3751c
234 changed files with 74103 additions and 15231 deletions
23
frontend/src/hooks.server.js
Normal file
23
frontend/src/hooks.server.js
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
/** @type {import('@sveltejs/kit').Handle} */
|
||||
export async function handle({ event, resolve }) {
|
||||
// SECURITY FIX #25: Server-side session validation
|
||||
const authToken = event.cookies.get('auth_token');
|
||||
|
||||
if (authToken) {
|
||||
// Token is present - attach to locals for use in load functions
|
||||
// JWT validation happens on API calls; here we just pass it through
|
||||
event.locals.authToken = authToken;
|
||||
event.locals.isAuthenticated = true;
|
||||
} else {
|
||||
event.locals.isAuthenticated = false;
|
||||
}
|
||||
|
||||
const response = await resolve(event);
|
||||
|
||||
// Add security headers to responses
|
||||
response.headers.set('X-Content-Type-Options', 'nosniff');
|
||||
response.headers.set('X-Frame-Options', 'SAMEORIGIN');
|
||||
response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
|
||||
|
||||
return response;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue