valknar/sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: forward session token in admin SSR load functions

Browse Source 
Admin list queries (users, videos, articles) were using getGraphQLClient
without auth credentials, causing silent 403s on server-side loads. Now
extract session_token cookie and pass it to getAuthClient so the backend
sees the admin session on SSR requests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sebastian Krüger
2026-03-06 12:56:47 +01:00
parent ad7ceee5f8
commit ebab3405b1
6 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/frontend/src/lib/services.ts
View File

@@ -1033,11 +1033,13 @@ const ADMIN_LIST_USERS_QUERY = gql`
export async function adminListUsers(
opts: { role?: string; search?: string; limit?: number; offset?: number } = {},
fetchFn?: typeof globalThis.fetch,
token?: string,
) {
return loggedApiCall(
"adminListUsers",
async () => {
const data = await getGraphQLClient(fetchFn).request<{
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{
adminListUsers: { total: number; items: User[] };
}>(ADMIN_LIST_USERS_QUERY, opts);
return data.adminListUsers;
@@ -1142,9 +1144,10 @@ const ADMIN_LIST_VIDEOS_QUERY = gql`
}
`;
export async function adminListVideos(fetchFn?: typeof globalThis.fetch) {
export async function adminListVideos(fetchFn?: typeof globalThis.fetch, token?: string) {
return loggedApiCall("adminListVideos", async () => {
const data = await getGraphQLClient(fetchFn).request<{ adminListVideos: Video[] }>(
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{ adminListVideos: Video[] }>(
ADMIN_LIST_VIDEOS_QUERY,
);
return data.adminListVideos;
@@ -1318,9 +1321,10 @@ const ADMIN_LIST_ARTICLES_QUERY = gql`
}
`;
export async function adminListArticles(fetchFn?: typeof globalThis.fetch) {
export async function adminListArticles(fetchFn?: typeof globalThis.fetch, token?: string) {
return loggedApiCall("adminListArticles", async () => {
const data = await getGraphQLClient(fetchFn).request<{ adminListArticles: Article[] }>(
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{ adminListArticles: Article[] }>(
ADMIN_LIST_ARTICLES_QUERY,
);
return data.adminListArticles;

5
packages/frontend/src/routes/admin/articles/+page.server.ts
View File

@@ -1,6 +1,7 @@
import { adminListArticles } from "$lib/services";
export async function load({ fetch }) {
const articles = await adminListArticles(fetch).catch(() => []);
export async function load({ fetch, cookies }) {
const token = cookies.get("session_token") || "";
const articles = await adminListArticles(fetch, token).catch(() => []);
return { articles };
}

5
packages/frontend/src/routes/admin/articles/[id]/+page.server.ts
View File

@@ -1,8 +1,9 @@
import { adminListArticles } from "$lib/services";
import { error } from "@sveltejs/kit";
export async function load({ params, fetch }) {
const articles = await adminListArticles(fetch).catch(() => []);
export async function load({ params, fetch, cookies }) {
const token = cookies.get("session_token") || "";
const articles = await adminListArticles(fetch, token).catch(() => []);
const article = articles.find((a) => a.id === params.id);
if (!article) throw error(404, "Article not found");
return { article };

5
packages/frontend/src/routes/admin/users/+page.server.ts
View File

@@ -1,12 +1,13 @@
import { adminListUsers } from "$lib/services";
export async function load({ fetch, url }) {
export async function load({ fetch, url, cookies }) {
const token = cookies.get("session_token") || "";
const role = url.searchParams.get("role") || undefined;
const search = url.searchParams.get("search") || undefined;
const offset = parseInt(url.searchParams.get("offset") || "0", 10);
const limit = 50;
const result = await adminListUsers({ role, search, limit, offset }, fetch).catch(() => ({
const result = await adminListUsers({ role, search, limit, offset }, fetch, token).catch(() => ({
items: [],
total: 0,
}));

5
packages/frontend/src/routes/admin/videos/+page.server.ts
View File

@@ -1,6 +1,7 @@
import { adminListVideos } from "$lib/services";
export async function load({ fetch }) {
const videos = await adminListVideos(fetch).catch(() => []);
export async function load({ fetch, cookies }) {
const token = cookies.get("session_token") || "";
const videos = await adminListVideos(fetch, token).catch(() => []);
return { videos };
}

5
packages/frontend/src/routes/admin/videos/[id]/+page.server.ts
View File

@@ -1,9 +1,10 @@
import { adminListVideos, getModels } from "$lib/services";
import { error } from "@sveltejs/kit";
export async function load({ params, fetch }) {
export async function load({ params, fetch, cookies }) {
const token = cookies.get("session_token") || "";
const [allVideos, models] = await Promise.all([
adminListVideos(fetch).catch(() => []),
adminListVideos(fetch, token).catch(() => []),
getModels(fetch).catch(() => []),
]);