diff --git a/src/authentication/protected-routes.handler.ts b/src/authentication/protected-routes.handler.ts
index b2321ba..4be2ec7 100644
--- a/src/authentication/protected-routes.handler.ts
+++ b/src/authentication/protected-routes.handler.ts
@@ -7,7 +7,7 @@ export const withProtectedRoutesHandler = (
 router: Router,
 admin: AdminJS
 ): void => {
- const { rootPath } = admin.options;
+ const { rootPath, loginPath, logoutPath } = admin.options;
 router.use((req, res, next) => {
 if (isAdminAsset(req.originalUrl)) {
@@ -15,8 +15,8 @@ export const withProtectedRoutesHandler = (
 } else if (
 req.session.adminUser ||
 // these routes doesn't need authentication
- req.originalUrl.startsWith(admin.options.loginPath) ||
- req.originalUrl.startsWith(admin.options.logoutPath)
+ req.originalUrl.startsWith(loginPath) ||
+ req.originalUrl.startsWith(logoutPath)
 ) {
 next();
 } else if (isAdminRoute(req.originalUrl, rootPath)) {
@@ -30,7 +30,7 @@ export const withProtectedRoutesHandler = (
 if (err) {
 next(err);
 }
- res.redirect(admin.options.loginPath);
+ res.redirect(loginPath);
 });
 } else {
 next();
@@ -38,15 +38,24 @@ export const withProtectedRoutesHandler = (
 });
 };
-export const isAdminRoute = (url: string, adminRootUrl: string): boolean => {
+export const isAdminRoute = (url: string, adminRootPath: string): boolean => {
 const adminRoutes = AdminRouter.routes
 .map((route) => convertToExpressRoute(route.path))
 .filter((route) => route !== "");
- const isAdminRootUrl = url === adminRootUrl;
+
+ let urlWithoutRootPath = url;
+ if (adminRootPath !== '/') {
+ urlWithoutRootPath = url.replace(adminRootPath, '');
+ if (!urlWithoutRootPath.startsWith('/')) {
+ urlWithoutRootPath = `/${urlWithoutRootPath}`
+ }
+ }
+
+ const isAdminRootUrl = url === adminRootPath || urlWithoutRootPath === '/';
 return (
 isAdminRootUrl ||
- !!adminRoutes.find((route) => pathToRegexp(route).test(url))
+ !!adminRoutes.find((route) => pathToRegexp(route).test(urlWithoutRootPath))
 );
 };
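Review bot: The session check in the `else if` of the second hunk is still skipped for any URL that merely begins with `loginPath` or `logoutPath`, because the exemption uses `req.originalUrl.startsWith(...)`. Whether any handler is mounted under such a prefix is not visible here, but an exact comparison on the path component keeps the exemption to the two endpoints it names: `const pathname = req.originalUrl.split("?")[0];` followed by `pathname === loginPath || pathname === logoutPath`. If the login flow really does need sub-paths, a comment on the condition saying so would make the prefix match a documented choice. The enclosing middleware starts and ends outside this hunk.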
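Review bot: Stripping the root in `isAdminRoute` with `url.replace(adminRootPath, '')` never checks that the URL starts with the root. A URL outside the root is left unchanged and then matched against the admin routes, so with root `/admin` a host-application path such as `/api/dashboard` would presumably be classified as an admin route, and `/administrator/...` is rewritten rather than rejected. A wrong `false` is the riskier error, since the middleware calls `next()` without a session check when this function returns false; `req.originalUrl` also carries the query string, which the `pathToRegexp` match presumably does not accept. The rewrite below requires the root as a whole-segment prefix, returns false otherwise, and classifies on the path component only.

```typescript
export const isAdminRoute = (url: string, adminRootPath: string): boolean => {
  // … unchanged: adminRoutes built from AdminRouter.routes …

  // originalUrl includes the query string; classify on the path only
  const [pathname = ""] = url.split("?");
  // "/" and "/admin/" both normalise to a root without a trailing slash
  const root = adminRootPath.replace(/\/+$/, "");
  if (pathname !== root && !pathname.startsWith(`${root}/`)) {
    return false;
  }
  const urlWithoutRootPath = pathname.slice(root.length) || "/";

  return (
    urlWithoutRootPath === "/" ||
    !!adminRoutes.find((route) => pathToRegexp(route).test(urlWithoutRootPath))
  );
};
```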
diff --git a/test/protected-routes.test.ts b/test/protected-routes.test.ts
index 0b626b1..b379114 100644
--- a/test/protected-routes.test.ts
+++ b/test/protected-routes.test.ts
@@ -2,7 +2,7 @@ import { isAdminRoute } from "../src/authentication/protected-routes.handler";
 describe("Protected routes", () => {
 describe("#isAdminRoute", () => {
- it("should detect admin routes", () => {
+ it("should detect admin routes when root path is /", () => {
 const adminRoutes = [
 "/",
 "/resources/someResource",
@@ -29,6 +29,33 @@ describe("Protected routes", () => {
 });
 });
+ it("should detect admin routes when root path is not /", () => {
+ const adminRoutes = [
+ "/admin",
+ "/admin/resources/someResource",
+ "/admin/api/resources/someResource/search/searchQuery",
+ "/admin/resources/someResource/actions/someAction",
+ "/admin/api/resources/someResource/actions/someAction",
+ "/admin/api/resources/someResource/actions/someAction/searchQuery",
+ "/admin/api/resources/someResource/actions/someAction",
+ "/admin/resources/someResource/records/someRecordId/someAction",
+ "/admin/api/resources/someResource/records/someRecordId/someAction",
+ "/admin/api/resources/someResource/records/someRecordId/someAction",
+ "/admin/resources/someResource/bulk/someAction",
+ "/admin/api/resources/someResource/bulk/someAction",
+ "/admin/api/resources/someResource/bulk/someAction",
+ "/admin/api/resources/someResource/search/",
+ "/admin/api/dashboard",
+ "/admin/pages/somePage",
+ "/admin/api/pages/somePage",
+ "/admin/api/pages/somePage",
+ ];
+
+ adminRoutes.forEach((route) => {
+ expect(isAdminRoute(route, "/admin")).toBeTruthy();
+ });
+ });
+
 it("should detect non-admin routes", () => {
 expect(isAdminRoute("/api/my-endpoint", "/")).toBeFalsy();
 });
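Review bot: The new `/admin` case asserts only positives, and the existing "should detect non-admin routes" test still uses root `/`, so nothing pins what `isAdminRoute` returns for a URL outside a non-root admin path. Since the middleware decides whether to demand a session from this result, the negative side deserves assertions too, for example `expect(isAdminRoute("/api/dashboard", "/admin")).toBeFalsy();` and `expect(isAdminRoute("/administrator/resources/someResource", "/admin")).toBeFalsy();`. The first of these likely fails against the handler as changed in this commit, because an unprefixed URL is matched against the admin routes as is. The positive list also repeats several entries verbatim, which adds no coverage. The enclosing `describe` blocks continue outside the hunk.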