feat(auth): add auth guard in hooks.server.ts with session validation

Validates session cookie via GET /v1/auth/me, populates event.locals with benutzer and haushalt, redirects to /login if unauthenticated. Public routes (/login, /register, /invite) bypass auth. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 13:19:40 +02:00
parent cfe38c39aa
commit 7a17873046
3 changed files with 161 additions and 0 deletions
--- a/frontend/src/app.d.ts
+++ b/frontend/src/app.d.ts
@@ -0,0 +1,25 @@
+// See https://svelte.dev/docs/kit/types#app.d.ts
+// for information about these interfaces
+declare global {
+	namespace App {
+		interface Error {
+			meldung?: string;
+		}
+		interface Locals {
+			benutzer?: {
+				id: string;
+				name: string;
+				rolle: 'planer' | 'mitglied';
+			};
+			haushalt?: {
+				id: string;
+				name: string;
+			};
+		}
+		// interface PageData {}
+		// interface PageState {}
+		// interface Platform {}
+	}
+}
+
+export {};