coyotte508 HF staff commited on
Commit
b9f029b
1 Parent(s): d975e5d

🛂 Prevent API calls without accepting ethics modal (#174)

Browse files
Files changed (1) hide show
  1. src/hooks.server.ts +26 -0
src/hooks.server.ts CHANGED
@@ -6,12 +6,38 @@ import {
6
  PUBLIC_DEPRECATED_GOOGLE_ANALYTICS_ID,
7
  } from "$env/static/public";
8
  import { addYears } from "date-fns";
 
 
9
 
10
  export const handle: Handle = async ({ event, resolve }) => {
11
  const token = event.cookies.get(COOKIE_NAME);
12
 
13
  event.locals.sessionId = token || crypto.randomUUID();
14
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
15
  // Refresh cookie expiration date
16
  event.cookies.set(COOKIE_NAME, event.locals.sessionId, {
17
  path: "/",
 
6
  PUBLIC_DEPRECATED_GOOGLE_ANALYTICS_ID,
7
  } from "$env/static/public";
8
  import { addYears } from "date-fns";
9
+ import { collections } from "$lib/server/database";
10
+ import { base } from "$app/paths";
11
 
12
  export const handle: Handle = async ({ event, resolve }) => {
13
  const token = event.cookies.get(COOKIE_NAME);
14
 
15
  event.locals.sessionId = token || crypto.randomUUID();
16
 
17
+ if (event.request.method === "POST" && !event.url.pathname.startsWith(`${base}/settings`)) {
18
+ const hasAcceptedEthicsModal = await collections.settings.countDocuments({
19
+ sessionId: event.locals.sessionId,
20
+ ethicsModalAcceptedAt: { $exists: true },
21
+ });
22
+
23
+ if (!hasAcceptedEthicsModal) {
24
+ const sendJson =
25
+ event.request.headers.get("accept")?.includes("application/json") ||
26
+ event.request.headers.get("content-type")?.includes("application/json");
27
+ return new Response(
28
+ sendJson
29
+ ? JSON.stringify({ error: "You need to accept the welcome modal first" })
30
+ : "You need to accept the welcome modal first",
31
+ {
32
+ status: 405,
33
+ headers: {
34
+ "content-type": sendJson ? "application/json" : "text/plain",
35
+ },
36
+ }
37
+ );
38
+ }
39
+ }
40
+
41
  // Refresh cookie expiration date
42
  event.cookies.set(COOKIE_NAME, event.locals.sessionId, {
43
  path: "/",