Add API-aware authentication with auto-detection (needs execution flow fix)

Working:
- Auto-detects API requests from /api/ in URI
- Optional :api keyword parameter for explicit control
- Returns JSON for API requests, redirects for pages
- Page redirects work perfectly (admin page redirects to login)
- API detection logs show correct behavior

Issue:
- API endpoints still execute after require-authentication returns JSON
- radiance:api-output doesn't stop execution like redirect does
- Need proper Radiance mechanism to halt request processing

Question for easilokx:
What's the correct way to stop execution and return JSON from a helper
function like require-authentication? We tried api-output but execution
continues. How does redirect actually stop execution?
glenneth 2025-10-07 09:22:33 +03:00 committed by Brian O'Reilly
parent 707e7aba96
commit 9ec7848b47
1 changed files with 10 additions and 12 deletions
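
The commit message asks how a helper like require-authentication can stop the request and return JSON. What follows is an added example, not code from this commit or from Radiance: it shows the behaviour the commit ran into (a helper that only returns a JSON string cannot stop its caller) next to the fix (signal a condition and handle it once at the dispatch layer, which is what the removed api-auth-error path already did). It assumes only cl-json is loaded; api-auth-error, dispatch, api-request-p, the user plist and the two endpoints are stand-ins for the framework, not Radiance API.

```lisp
;;; Added example. Assumes cl-json; DISPATCH, API-REQUEST-P, the user plist and
;;; the endpoints are hypothetical stand-ins for Radiance's request handling.

(define-condition api-auth-error (error)
  ((status-code   :initarg :status-code   :reader status-code)
   (json-response :initarg :json-response :reader json-response)))

(defun auth-json (status message)
  (cl-json:encode-json-to-string
   `(("error"   . ,(if (= status 401) "Authentication required" "Insufficient role"))
     ("status"  . ,status)
     ("message" . ,message))))

;; The pattern in the commit: the helper returns a JSON string. A return value
;; is a normal return, so whatever follows in the caller runs anyway.
(defun require-authentication/no-stop (user)
  (unless user
    (auth-json 401 "You must be logged in to access this resource")))

;; The fix: signalling unwinds the stack past the endpoint body. Nothing after
;; the call in the caller executes unless a handler explicitly continues.
(defun require-authentication (user)
  (unless user
    (error 'api-auth-error
           :status-code 401
           :json-response (auth-json 401 "You must be logged in to access this resource"))))

(defun require-role (user role)
  (require-authentication user)
  (unless (member role (getf user :roles))
    (error 'api-auth-error
           :status-code 403
           :json-response
           (auth-json 403 (format nil "You must be logged in with ~a role to access this resource" role)))))

;; Same auto-detection rule as the commit message: /api/ in the URI.
(defun api-request-p (uri)
  (search "/api/" uri))

;; Stand-in for the framework dispatcher: one HANDLER-CASE at the top turns the
;; condition into a JSON body with the HTTP status taken from the condition
;; (API request) or a redirect to login (page request).
;; Returns (values http-status body-or-location).
(defun dispatch (uri user endpoint)
  (handler-case (values 200 (funcall endpoint user))
    (api-auth-error (e)
      (if (api-request-p uri)
          (values (status-code e) (json-response e))
          (values 303 "/login")))))

(defvar *purges* 0 "How often the protected side effect has run.")

;; Protected endpoint: the side effect must not happen for anonymous callers
;; or for users without the admin role.
(defun purge-endpoint (user)
  (require-role user :admin)
  (incf *purges*)
  (cl-json:encode-json-to-string '(("purged" . t))))

;; The buggy shape from the commit: the helper's return value is discarded and
;; the side effect runs even when USER is NIL.
(defun leaky-endpoint (user)
  (require-authentication/no-stop user)
  (incf *purges*)
  (cl-json:encode-json-to-string '(("purged" . t))))

;; Usage (evaluate at the REPL after loading):
;; (dispatch "/api/purge" nil #'purge-endpoint)                 ; condition unwinds before INCF
;; (dispatch "/api/purge" '(:roles (:user)) #'purge-endpoint)   ; role check unwinds before INCF
;; (dispatch "/admin/purge" nil #'purge-endpoint)               ; page request, redirect path
;; (dispatch "/api/purge" '(:roles (:admin)) #'purge-endpoint)  ; passes, INCF runs
;; (dispatch "/api/purge" nil #'leaky-endpoint)                 ; INCF runs for nil user
```

The design point is that the helper never decides how the response is rendered; it only carries the status and body in the condition, and the single handler in the dispatcher renders it. That keeps the API/page split in one place and guarantees that every endpoint calling require-authentication or require-role is cut off at the call, with no per-endpoint return-value checks to forget. Whether Radiance exposes a matching hook (a condition its dispatcher already handles, or a handler you install around the route) is the question to put to the maintainer; the mechanism itself is just handler-case.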


@ -148,12 +148,11 @@
(progn
(format t "Authentication failed - returning JSON 401~%")
(setf (radiance:header "Content-Type") "application/json")
(setf (radiance:response-data)
(cl-json:encode-json-to-string
`(("error" . "Authentication required")
("status" . 401)
("message" . "You must be logged in to access this resource"))))
(radiance:redirect (radiance:uri)))
(radiance:api-output
(cl-json:encode-json-to-string
`(("error" . "Authentication required")
("status" . 401)
("message" . "You must be logged in to access this resource")))))
;; Page request - redirect to login
(progn
(format t "Authentication failed - redirecting to login~%")
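Review bot: the new `(radiance:api-output ...)` call at the top of this hunk still cannot stop the endpoint, because it is an ordinary function call whose return value the caller of require-authentication discards; the commit message reports exactly that. The only way a helper can abort its caller is a non-local exit: signal a condition here, as the 403 path in this same file did before this commit with `(error 'api-auth-error :status-code 403 ...)`, and handle it once at the dispatcher, or make require-authentication return a value that every endpoint checks. Two further points on the added lines: the argument is already a cl-json string, so if api-output serializes what it is handed the client gets a JSON string literal wrapping JSON rather than an object; pass the alist and let api-output encode it, or keep the explicit header/response-data path that was removed. And the 401 now appears only inside the body; nothing in the new lines sets the HTTP status on the response, whereas the removed block at least set Content-Type. The `(format t "Authentication failed - returning JSON 401~%")` stdout prints should go through the framework logger before merge.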
@ -193,12 +192,11 @@
(progn
(format t "Role check failed - returning JSON 403~%")
(setf (radiance:header "Content-Type") "application/json")
(error 'api-auth-error
:status-code 403
:json-response (cl-json:encode-json-to-string
`(("error" . "Authentication required")
("status" . 403)
("message" . ,(format nil "You must be logged in with ~a role to access this resource" role))))))
(radiance:api-output
(cl-json:encode-json-to-string
`(("error" . "Authentication required")
("status" . 403)
("message" . ,(format nil "You must be logged in with ~a role to access this resource" role))))))
;; Page request - redirect to login
(progn
(format t "Role check failed - redirecting to login~%")
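Review bot: this hunk removes the one mechanism in the file that did halt execution. `(error 'api-auth-error :status-code 403 :json-response ...)` unwinds out of the role check and the endpoint body, whereas the `radiance:api-output` call replacing it returns normally, so after this change a failed role check emits a 403 body and the rest of the handler still runs. Keep the condition (a handler-case at the dispatch layer can turn it into the JSON 403 and the redirect for page requests), or at least have every caller test the return value. Two smaller points: the context line `(setf (radiance:header "Content-Type") "application/json")` is kept here but the equivalent setf was dropped in the 401 hunk above, so the two paths are now inconsistent; and the 403 body still says "Authentication required", the same wording as the 401, although the failure is authorization, so clients cannot tell the cases apart without parsing the message text.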