-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmiddleware.ts
More file actions
44 lines (37 loc) · 1.64 KB
/
middleware.ts
File metadata and controls
44 lines (37 loc) · 1.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import { NextResponse } from "next/server";
import { auth } from "@/app/api/auth/[...nextauth]/authConfig";
export default auth(async function middleware(req) {
if (req.method === "OPTIONS") {
return NextResponse.next();
}
const { pathname, origin } = req.nextUrl;
const apiKey = req.headers.get("X-Uroboros") ?? null;
const xUroborosKey = process.env.APP_API_KEY;
const isApiRoute = pathname.startsWith("/api");
const isLoginRoute = pathname === "/api/login";
const isNextAuthRoute = pathname.startsWith("/api/auth");
const hasKeyAndMatch = apiKey ? apiKey === xUroborosKey : false;
const isImageApi = pathname.startsWith("/api/images");
const allowedEndpoint = ["/on-site-coordinates"];
if (!req.auth) {
if (isApiRoute && !isLoginRoute && !isNextAuthRoute && !isImageApi) {
if (!hasKeyAndMatch && allowedEndpoint.includes(pathname)) {
return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
}
} else if (!isLoginRoute && !isApiRoute) {
const pathToGo = req.nextUrl.pathname;
return NextResponse.redirect(new URL(`/login?callbackUrl=${pathToGo}`, origin));
}
}
//? if in /home but the user is admin then redirect to dashboard
if (pathname.startsWith("/home") && req.auth?.user.role === "admin") {
return NextResponse.redirect(new URL("/dashboard", req.url));
}
//? if in /dashboard but the user is not admin then redirect to home
if (pathname.startsWith("/dashboard") && req.auth?.user.role !== "admin") {
return NextResponse.redirect(new URL("/home", req.url));
}
});
export const config = {
matcher: ["/home/:path*", "/dashboard/:path*", "/api/:path*"],
};