From c637977d3b7241b27378b55b8924dd7b120d2e8d Mon Sep 17 00:00:00 2001 From: VPS 4 Builder Date: Tue, 26 May 2026 05:45:13 +0200 Subject: [PATCH] Fix admin-clinics auth and JWT usage --- dental-server/auth.js | 8 ++++---- dental-server/routes/admin-clinics.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dental-server/auth.js b/dental-server/auth.js index d015d0d..aa2342f 100644 --- a/dental-server/auth.js +++ b/dental-server/auth.js @@ -15,10 +15,10 @@ function authenticateToken(req, res, next) { // Se não tem token, verifica se está tentando acessar uma página if (!token) { - const isApiRoute = req.path.startsWith('/api'); - const isLoginRoute = req.path.startsWith('/login') || req.path === '/auth/login.html'; + const isApiRoute = req.originalUrl.startsWith('/api'); + const isLoginRoute = req.originalUrl.startsWith('/login') || req.originalUrl === '/auth/login.html'; - if (isLoginRoute || req.path === '/status') { + if (isLoginRoute || req.originalUrl === '/status') { return next(); } @@ -32,7 +32,7 @@ function authenticateToken(req, res, next) { // Verificar token jwt.verify(token, JWT_SECRET, (err, user) => { if (err) { - if (req.path.startsWith('/api')) { + if (req.originalUrl.startsWith('/api')) { return res.status(403).json({ error: 'Token inválido' }); } return res.redirect('/login'); diff --git a/dental-server/routes/admin-clinics.js b/dental-server/routes/admin-clinics.js index dac2025..724e7e8 100644 --- a/dental-server/routes/admin-clinics.js +++ b/dental-server/routes/admin-clinics.js @@ -6,7 +6,7 @@ const bcrypt = require('bcrypt'); // Middleware para verificar se é admin const requireAdmin = (req, res, next) => { - if (req.session && req.session.user && req.session.user.is_admin) { + if (req.user && req.user.is_admin) { return next(); } return res.status(403).json({ success: false, message: 'Acesso negado' });