WNomunomu 2 лет назад
Родитель
Сommit
4ca27a37ff

+ 2 - 1
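--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -19,5 +19,6 @@
 
   "githubPullRequests.ignoredPullRequestBranches": [
     "master"
-  ]
+  ],
+  "debug.allowBreakpointsEverywhere": true
 }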

+ 2 - 6
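--- a/apps/app/src/components/LoginForm.tsx
+++ b/apps/app/src/components/LoginForm.tsx
@@ -102,17 +102,13 @@ export const LoginForm = (props: LoginFormProps): JSX.Element => {
 
     try {
       const res = await apiv3Post('/login', { loginForm });
-      const { redirectTo, isAdmin } = res.data;
-
-      if (!isAdmin && redirectTo === '/admin') {
-        return router.push('/');
-      }
+      const { redirectTo } = res.data;
 
       if (redirectTo != null) {
         return router.push(redirectTo);
       }
 
-      return router.push('/');
+      return router.push('/Page403');
     }
     catch (err) {
       const errs = toArrayIfNot(err);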
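Review bot: The fallback at the end of the `try` block now sends a successful login that carries no `redirectTo` to `/Page403`, so a user who authenticated correctly would land on a forbidden page; that looks unintended and also blurs what a 403 means in logs and support reports. Dropping the client-side `isAdmin` branch is fine, since the browser cannot enforce it, but the default target should stay neutral: `return router.push('/');`. `redirectTo` is still pushed exactly as received from the response, so the server remains the only place where that value is constrained. The handler's body starts and ends outside the hunk.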

+ 12 - 0
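--- a/apps/app/src/pages/Page403.page.tsx
+++ b/apps/app/src/pages/Page403.page.tsx
@@ -0,0 +1,12 @@
+import React from 'react';
+
+import DefaultErrorPage from 'next/error';
+
+export default function Page403() {
+  return (
+    <>
+      <DefaultErrorPage statusCode={403} />
+      {/* <h1>403 forbidden</h1> */}
+    </>
+  );
+}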
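Review bot: `Page403` only renders the 403 text; nothing in the file sets the HTTP status, so the route most likely answers 200, and the `res.redirect('/Page403')` added in `admin-required.js` turns a refused admin request into a 302 followed by that 200. Access logs, monitoring and non-browser clients then never see a 403 for a denied request, which makes refused admin access hard to detect or alert on. Consider setting the status on the server, e.g. `export const getServerSideProps: GetServerSideProps = async({ res }) => { res.statusCode = 403; return { props: {} }; };`, and having the middleware answer with the 403 itself instead of redirecting. The commented-out `<h1>` line can be dropped.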

+ 10 - 1
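--- a/apps/app/src/pages/admin/index.page.tsx
+++ b/apps/app/src/pages/admin/index.page.tsx
@@ -5,12 +5,15 @@ import {
 import { useTranslation } from 'next-i18next';
 import dynamic from 'next/dynamic';
 import Head from 'next/head';
+import { useRouter } from 'next/router';
 import { Container, Provider } from 'unstated';
 
 import AdminHomeContainer from '~/client/services/AdminHomeContainer';
 import { CrowiRequest } from '~/interfaces/crowi-request';
 import { CommonProps, generateCustomTitle } from '~/pages/utils/commons';
-import { useCurrentUser, useGrowiCloudUri, useGrowiAppIdForGrowiCloud } from '~/stores/context';
+import {
+  useCurrentUser, useGrowiCloudUri, useGrowiAppIdForGrowiCloud, useIsAdmin,
+} from '~/stores/context';
 
 import { retrieveServerSideProps } from '../../utils/admin-page-util';
 
@@ -32,6 +35,12 @@ const AdminHomePage: NextPage<Props> = (props) => {
   useCurrentUser(props.currentUser ?? null);
   useGrowiCloudUri(props.growiCloudUri);
   useGrowiAppIdForGrowiCloud(props.growiAppIdForGrowiCloud);
+  const { data: isAdmin } = useIsAdmin();
+  const router = useRouter();
+
+  if (!isAdmin) {
+    router.push('/Page403');
+  }
 
   const { t } = useTranslation('admin');
 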
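Review bot: The `if (!isAdmin) { router.push('/Page403'); }` check in the second hunk is not an access control: it runs in the browser, the component carries on and renders the admin UI after calling `push`, and whatever the page receives through its server-side props has already been delivered. The decision has to be made on the server (this page's server-side props, outside the hunk, or the `admin-required` middleware), with the client check kept only as a convenience. As written it also navigates during render, and `useIsAdmin()` is read without the initial value the neighbouring hooks get from `props`, so `isAdmin` may be `undefined` on the first render and send a real administrator to the 403 page. `useEffect(() => { if (isAdmin === false) router.push('/Page403'); }, [isAdmin, router]);` avoids both; `AdminHomePage` starts and ends outside the hunk.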

+ 1 - 2
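--- a/apps/app/src/server/middlewares/admin-required.js
+++ b/apps/app/src/server/middlewares/admin-required.js
@@ -16,7 +16,7 @@ module.exports = (crowi, fallback = null) => {
       if (fallback != null) {
         return fallback(req, res, next);
       }
-      return res.redirect('/');
+      return res.redirect('/Page403');
     }
 
     logger.warn('This user has not logged in.');
@@ -26,5 +26,4 @@ module.exports = (crowi, fallback = null) => {
     }
     return res.redirect('/login');
   };
-
 };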

+ 1 - 3
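--- a/apps/app/src/server/routes/login-passport.js
+++ b/apps/app/src/server/routes/login-passport.js
@@ -118,8 +118,6 @@ module.exports = function(crowi, app) {
       },
     };
 
-    const isAdmin = req.user.admin;
-
     await crowi.activityService.createActivity(parameters);
 
     const redirectToForUnauthenticated = createRedirectToForUnauthenticated(req.user.status);
@@ -129,7 +127,7 @@ module.exports = function(crowi, app) {
       return res.redirect(redirectTo);
     }
 
-    return res.apiv3({ redirectTo, isAdmin });
+    return res.apiv3({ redirectTo });
   };
 
   const injectRedirectTo = (req, res, next) => {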