feat: add auth-protected /draft/[slug] route

2026-01-29 01:42:08 +00:00 · 2026-01-29 01:42:08 +00:00 · 7aaeb6aa0a
commit 7aaeb6aa0a
parent 85471bc712
1 changed files with 49 additions and 0 deletions
--- a/apps/www/src/pages/draft/[slug].astro
+++ b/apps/www/src/pages/draft/[slug].astro
@ -0,0 +1,49 @@
+---
+export const prerender = false;
+
+import { getSession } from 'auth-astro/server';
+import { getCollection, render } from 'astro:content';
+import { isAdmin } from '../../lib/auth';
+import Layout from '../../layouts/Layout.astro';
+
+let session;
+try {
+  session = await getSession(Astro.request);
+} catch {
+  return new Response('Auth not configured', { status: 500 });
+}
+
+if (!session) {
+  return Astro.redirect('/api/auth/signin');
+}
+
+if (!isAdmin(session.user?.id)) {
+  return new Response('Forbidden', { status: 403 });
+}
+
+const slug = Astro.params.slug;
+const posts = await getCollection('posts', ({ data }) => data.draft === true);
+const post = posts.find(p => p.id === slug);
+
+if (!post) {
+  return new Response('Not found', { status: 404 });
+}
+
+const { Content } = await render(post);
+
+function formatDate(date: Date): string {
+  const d = String(date.getDate()).padStart(2, '0');
+  const m = String(date.getMonth() + 1).padStart(2, '0');
+  const y = String(date.getFullYear()).slice(-2);
+  return `${d}/${m}/${y}`;
+}
+---
+<Layout title={`${post.data.title} - lewis m.w.`}>
+
+<article>
+<p class="muted">[DRAFT] <a href="/draft/">back to drafts</a></p>
+<h1>{post.data.title}</h1>
+<p class="muted" style="margin-top: 0;">{formatDate(post.data.date)}</p>
+<Content />
+</article>
+</Layout>