diff --git a/frontend/app/(protected)/layout.jsx b/frontend/app/(protected)/layout.jsx index 245a7b6c..3b7fedba 100755 --- a/frontend/app/(protected)/layout.jsx +++ b/frontend/app/(protected)/layout.jsx @@ -1,16 +1,44 @@ // frontend/app/(protected)/layout.jsx import Link from "next/link"; import { redirect } from "next/navigation"; -import { getSession } from "@/lib/auth"; +import { cookies, headers } from "next/headers"; import { can } from "@/lib/rbac"; export const metadata = { title: "DMS | Protected" }; +const API_BASE = (process.env.NEXT_PUBLIC_API_BASE || "").replace(/\/$/, ""); + +async function fetchSessionFromAPI() { + const cookieStore = await cookies(); // ✅ ต้อง await + const cookieHeader = cookieStore.toString(); + const hdrs = await headers(); // ✅ ต้อง await + const hostHdr = hdrs.get("host"); + const protoHdr = hdrs.get("x-forwarded-proto") || "https"; + + const res = await fetch(`${API_BASE}/api/auth/me`, { + method: "GET", + headers: { + Cookie: cookieHeader, + "X-Forwarded-Host": hostHdr || "", + "X-Forwarded-Proto": protoHdr, + Accept: "application/json", + }, + cache: "no-store", + }); + + if (!res.ok) return null; + try { + const data = await res.json(); + return data?.ok ? data : null; + } catch { + return null; + } +} + export default async function ProtectedLayout({ children }) { - // ตรวจ session ฝั่งเซิร์ฟเวอร์ ด้วยคุกกี้จริง - const session = await getSession(); + const session = await fetchSessionFromAPI(); if (!session) { - redirect("/login"); + redirect("/login?next=/dashboard"); } const { user } = session; @@ -23,73 +51,17 @@ export default async function ProtectedLayout({ children }) { @@ -98,81 +70,17 @@ export default async function ProtectedLayout({ children }) { {/* System / Quick Actions */}
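Review bot: In `fetchSessionFromAPI`, `hostHdr` and `protoHdr` are read from the incoming request and re-sent as `X-Forwarded-Host` / `X-Forwarded-Proto`, so unless a proxy in front of Next.js overwrites them, the browser picks values that the backend may treat as trusted (the backend is not visible in this diff); take them from configuration or drop them. The same call sends the whole cookie jar (`cookieStore.toString()`) to whatever `NEXT_PUBLIC_API_BASE` resolves to, a variable that is also exposed to the client bundle. When it is empty the URL becomes the relative `/api/auth/me`, which server-side `fetch` rejects, and because the `fetch` sits outside the `try` the rejection surfaces as an error on every protected page instead of a controlled failure. I would read the base URL from a server-only variable, fail with a clear message when it is missing, forward only the session cookie, and move the `fetch` inside the `try`; the variable and cookie names in the sketch below are placeholders. `data?.ok` is also accepted without checking that `data.user` exists, although `ProtectedLayout` destructures `user` straight afterwards.

```javascript
// Placeholder names: use the project's server-only variable and its real session cookie name.
const API_BASE = (process.env.INTERNAL_API_BASE_PLACEHOLDER || "").replace(/\/$/, "");
const SESSION_COOKIE = "SESSION_COOKIE_NAME_PLACEHOLDER";

async function fetchSessionFromAPI() {
  if (!API_BASE) {
    // Fail closed with an explicit message instead of fetching a relative URL.
    throw new Error("API base URL is not configured");
  }

  const cookieStore = await cookies();
  const sessionCookie = cookieStore.get(SESSION_COOKIE);
  if (!sessionCookie) return null;

  try {
    const res = await fetch(`${API_BASE}/api/auth/me`, {
      method: "GET",
      headers: {
        // Forward only the session cookie, not every cookie the browser sent.
        Cookie: `${sessionCookie.name}=${encodeURIComponent(sessionCookie.value)}`,
        // X-Forwarded-* left out: re-add only from configured values if the API needs them.
        Accept: "application/json",
      },
      cache: "no-store",
    });
    if (!res.ok) return null;
    const data = await res.json();
    return data?.ok && data.user ? data : null;
  } catch {
    // Network failure or invalid JSON: treat as "no session".
    return null;
  }
}
```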
- Document Management System — LCP3 Phase 3 + Document Management System — LCBP3 Phase 3
- {can(user, "admin:view") && ( - - Admin - - )} - {can(user, "users:manage") && ( - - ผู้ใช้/บทบาท - - )} - {can(user, "health:view") && ( - - Health - - )} - {can(user, "workflow:view") && ( - - Workflow - - )} - {can(user, "rfa:create") && ( - - + RFA - - )} - {can(user, "drawing:upload") && ( - - + Upload Drawing - - )} - {can(user, "transmittal:create") && ( - - + Transmittal - - )} - {can(user, "correspondence:create") && ( - - + หนังสือสื่อสาร - - )} + {can(user, "admin:view") && Admin} + {can(user, "users:manage") && ผู้ใช้/บทบาท} + {can(user, "health:view") && Health} + {can(user, "workflow:view") && Workflow} + {can(user, "rfa:create") && + RFA} + {can(user, "drawing:upload") && + Upload Drawing} + {can(user, "transmittal:create") && + Transmittal} + {can(user, "correspondence:create") && + หนังสือสื่อสาร}
{children}