feat: update

backend/app/middlewares/mid_auth.go

@@ -29,11 +29,6 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 		return ctx.Next()
 	}
 
-	// check is XMLHttpRequest
-	if ctx.XHR() {
-		return ctx.SendStatus(fiber.StatusUnauthorized)
-	}
-
 	fullUrl := utils.FullURI(ctx)
 	u, err := url.Parse(fullUrl)
 	if err != nil {
@@ -50,6 +45,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 	log.Infof("cookie: %s", cookie)
 	if cookie == "" {
 		log.Infof("auth redirect_uri: %s", fullUrl)
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
 		return ctx.Redirect().To(fullUrl)
 	}
 
@@ -57,6 +55,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 	if err != nil {
 		// remove cookie
 		ctx.ClearCookie("token")
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
 		return ctx.Redirect().To(fullUrl)
 	}
 
@@ -64,6 +65,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 	if err != nil {
 		// remove cookie
 		ctx.ClearCookie("token")
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
 		return ctx.Redirect().To(fullUrl)
 	}
 	ctx.Locals("user", user)

backend/test.http

@@ -58,6 +58,11 @@ Content-Type: application/json
 GET {{host}}/v1/admin/orders HTTP/1.1
 Content-Type: application/json
 
+### get posts
+GET {{host}}/v1/posts HTTP/1.1
+Content-Type: application/json
+Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMDAxLCJleHAiOjE3NDY1MzU4MjYsIm5iZiI6MTc0NTkzMTAxNn0.Vg8LqDQLkpEvohBYEPSTPrGzKAyMNJ_m7uSm3NBbuDM
+
 ### get orders
 GET {{host}}/v1/posts/mine HTTP/1.1
 Content-Type: application/json
@@ -79,4 +84,6 @@ Authorization: {{token}}
 
 ### get user profile
 GET {{host}}/v1/users/profile HTTP/1.1
-Authorization: {{token}}
+Authorization: {{token}}
+
+