jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Lock down coming-soon mode to block all users including authenticated

Browse source 
Remove auth bypass from coming-soon middleware so no one can access
the in-development site in production. Remove unused login button
from coming-soon page since wiki has its own OIDC login flow.
This commit is contained in:
Jennie Robinson Faber 2026-03-19 10:27:19 +00:00
parent 44805dbecf
commit ea6c4d8329
2 changed files with 1 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

21
app/middleware/coming-soon.global.js
View file

@ -13,25 +13,6 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
return;
}
// Allow authenticated users to bypass coming-soon
const authToken = useCookie("auth-token");
if (authToken.value) {
// On the server, verify the JWT is actually valid
if (import.meta.server) {
try {
const { jwtSecret } = useRuntimeConfig();
const jwt = await import("jsonwebtoken").then((m) => m.default);
jwt.verify(authToken.value, jwtSecret);
return;
} catch {
// Invalid/expired token — fall through to coming-soon redirect
}
} else {
// Client-side: trust the cookie (SSR already validated on initial load)
return;
}
}
// Redirect all other routes to coming-soon
// Redirect all other routes to coming-soon — no exceptions
return navigateTo("/coming-soon");
});