diff --git a/dental-server/auth.js b/dental-server/auth.js index aa2342f..1b16349 100644 --- a/dental-server/auth.js +++ b/dental-server/auth.js @@ -13,10 +13,13 @@ function authenticateToken(req, res, next) { const authHeader = req.headers['authorization']; const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN + // Identifica se a rota é uma API (via URL ou cabeçalho Accept) + const isApiRoute = req.originalUrl.includes('/api') || + (req.headers.accept && req.headers.accept.includes('application/json')); + // Se não tem token, verifica se está tentando acessar uma página if (!token) { - const isApiRoute = req.originalUrl.startsWith('/api'); - const isLoginRoute = req.originalUrl.startsWith('/login') || req.originalUrl === '/auth/login.html'; + const isLoginRoute = req.originalUrl.includes('/login') || req.originalUrl === '/auth/login.html'; if (isLoginRoute || req.originalUrl === '/status') { return next(); @@ -32,7 +35,7 @@ function authenticateToken(req, res, next) { // Verificar token jwt.verify(token, JWT_SECRET, (err, user) => { if (err) { - if (req.originalUrl.startsWith('/api')) { + if (isApiRoute) { return res.status(403).json({ error: 'Token inválido' }); } return res.redirect('/login'); diff --git a/dental-server/public/admin-clinics.html b/dental-server/public/admin-clinics.html index aecfdef..a0f0450 100644 --- a/dental-server/public/admin-clinics.html +++ b/dental-server/public/admin-clinics.html @@ -14,7 +14,7 @@ - +
@@ -196,6 +196,6 @@