routes/dashboard.js

const config = require('../config');
const database = require('../database');

// Middleware to check authentication via signed cookie
async function requireAuth(req, reply) {
  const raw = req.cookies && req.cookies.kitchen_session;
  if (!raw) { reply.redirect('/login'); return; }
  const { valid, value } = req.unsignCookie(raw || '');
  if (!valid) { reply.redirect('/login'); return; }
  const token = config.get('authToken');
  const expiry = config.get('tokenExpiry');
  const apiClient = require('../api-client');
  if (!token || apiClient.isTokenExpired(expiry)) {
    reply.redirect('/login');
    return;
  }
  if (value === token) return;
  const previousToken = config.get('previousAuthToken');
  if (previousToken && value === previousToken) {
    const isHttps = (req.protocol === 'https') || ((req.headers['x-forwarded-proto'] || '').toString().toLowerCase() === 'https');
    reply.setCookie('kitchen_session', token, {
      signed: true, httpOnly: true, secure: isHttps,
      sameSite: 'strict', maxAge: 30 * 24 * 60 * 60, path: '/'
    });
    return;
  }
  reply.redirect('/login');
}

async function dashboardRoutes(fastify, options) {

  // Dashboard page
  fastify.get('/dashboard', { preHandler: requireAuth }, async (req, reply) => {
    const appConfig = config.getAll();
    const stats = database.getOrderStats();
    
    return reply.view('dashboard', {
      config: appConfig,
      stats: stats,
      showStats: appConfig.showOrderStats !== 'false'
    });
  });
}

module.exports = dashboardRoutes;
Initial commit 2025-10-23 19:02:56 -04:00			`const config = require('../config');`
			`const database = require('../database');`

			`// Middleware to check authentication via signed cookie`
			`async function requireAuth(req, reply) {`
			`const raw = req.cookies && req.cookies.kitchen_session;`
			`if (!raw) { reply.redirect('/login'); return; }`
			`const { valid, value } = req.unsignCookie(raw \|\| '');`
			`if (!valid) { reply.redirect('/login'); return; }`
			`const token = config.get('authToken');`
			`const expiry = config.get('tokenExpiry');`
			`const apiClient = require('../api-client');`
done 2026-03-01 17:10:03 -05:00			`if (!token \|\| apiClient.isTokenExpired(expiry)) {`
Initial commit 2025-10-23 19:02:56 -04:00			`reply.redirect('/login');`
			`return;`
			`}`
done 2026-03-01 17:10:03 -05:00			`if (value === token) return;`
			`const previousToken = config.get('previousAuthToken');`
			`if (previousToken && value === previousToken) {`
			`const isHttps = (req.protocol === 'https') \|\| ((req.headers['x-forwarded-proto'] \|\| '').toString().toLowerCase() === 'https');`
			`reply.setCookie('kitchen_session', token, {`
			`signed: true, httpOnly: true, secure: isHttps,`
			`sameSite: 'strict', maxAge: 30 * 24 * 60 * 60, path: '/'`
			`});`
			`return;`
			`}`
			`reply.redirect('/login');`
Initial commit 2025-10-23 19:02:56 -04:00			`}`

			`async function dashboardRoutes(fastify, options) {`

			`// Dashboard page`
			`fastify.get('/dashboard', { preHandler: requireAuth }, async (req, reply) => {`
			`const appConfig = config.getAll();`
			`const stats = database.getOrderStats();`

			`return reply.view('dashboard', {`
			`config: appConfig,`
			`stats: stats,`
			`showStats: appConfig.showOrderStats !== 'false'`
			`});`
			`});`
			`}`

			`module.exports = dashboardRoutes;`