Fix admin-clinics auth and JWT usage

This commit is contained in:
VPS 4 Builder
2026-05-26 05:45:13 +02:00
parent 5324a830b2
commit c637977d3b
2 changed files with 5 additions and 5 deletions
+4 -4
View File
@@ -15,10 +15,10 @@ function authenticateToken(req, res, next) {
// Se não tem token, verifica se está tentando acessar uma página
if (!token) {
const isApiRoute = req.path.startsWith('/api');
const isLoginRoute = req.path.startsWith('/login') || req.path === '/auth/login.html';
const isApiRoute = req.originalUrl.startsWith('/api');
const isLoginRoute = req.originalUrl.startsWith('/login') || req.originalUrl === '/auth/login.html';
if (isLoginRoute || req.path === '/status') {
if (isLoginRoute || req.originalUrl === '/status') {
return next();
}
@@ -32,7 +32,7 @@ function authenticateToken(req, res, next) {
// Verificar token
jwt.verify(token, JWT_SECRET, (err, user) => {
if (err) {
if (req.path.startsWith('/api')) {
if (req.originalUrl.startsWith('/api')) {
return res.status(403).json({ error: 'Token inválido' });
}
return res.redirect('/login');
+1 -1
View File
@@ -6,7 +6,7 @@ const bcrypt = require('bcrypt');
// Middleware para verificar se é admin
const requireAdmin = (req, res, next) => {
if (req.session && req.session.user && req.session.user.is_admin) {
if (req.user && req.user.is_admin) {
return next();
}
return res.status(403).json({ success: false, message: 'Acesso negado' });