// File: frontend/app/layout.jsx import Link from "next/link"; import { redirect } from "next/navigation"; import { cookies, headers } from "next/headers"; // ถ้ามี lib rbac เดิมอยู่ให้ใช้ต่อได้ import { can } from "@/lib/rbac"; // แก้ title ให้ถูกสะกด export const metadata = { title: "DMS | Protected" }; const API_BASE = (process.env.NEXT_PUBLIC_API_BASE || "").replace(/\/$/, ""); async function fetchSessionFromAPI() { // ดึงคุกกี้จริงจากฝั่งเซิร์ฟเวอร์ แล้วส่งต่อให้ backend const cookieHeader = cookies().toString(); // serialize ทั้งชุด const hostHdr = headers().get("host"); const protoHdr = headers().get("x-forwarded-proto") || "https"; const res = await fetch(`${API_BASE}/api/auth/me`, { method: "GET", headers: { Cookie: cookieHeader, // เผื่อ backend ตรวจ origin/proto/host "X-Forwarded-Host": hostHdr || "", "X-Forwarded-Proto": protoHdr, Accept: "application/json", }, // server component ไม่ต้องใช้ credentials cache: "no-store", }); if (!res.ok) return null; try { const data = await res.json(); return data?.ok ? data : null; } catch { return null; } } export default async function ProtectedLayout({ children }) { const session = await fetchSessionFromAPI(); if (!session) { // พยายามส่ง next path กลับไปที่ /login redirect("/login?next=/dashboard"); } const { user } = session; return (
{/* System / Quick Actions */}
Document Management System — LCBP3 Phase 3
{can(user, "admin:view") && ( Admin )} {can(user, "users:manage") && ( ผู้ใช้/บทบาท )} {can(user, "health:view") && ( Health )} {can(user, "workflow:view") && ( Workflow )} {can(user, "rfa:create") && ( + RFA )} {can(user, "drawing:upload") && ( + Upload Drawing )} {can(user, "transmittal:create") && ( + Transmittal )} {can(user, "correspondence:create") && ( + หนังสือสื่อสาร )}
{children}
); }