chore: initial project import
Some checks failed
CI - Production Readiness / Verify (push) Has been cancelled
Some checks failed
CI - Production Readiness / Verify (push) Has been cancelled
This commit is contained in:
Wira Basalamah
65
middleware.ts
Normal file
65
middleware.ts
Normal file
@ -0,0 +1,65 @@
|
||||
import { NextResponse, type NextRequest } from "next/server";
|
||||
|
||||
import { canAccessPath, getDefaultPathForRole, parseSessionCookie, SESSION_COOKIE, type UserRole } from "@/lib/auth";
|
||||
import { DEFAULT_LOCALE, isLocale, LOCALE_COOKIE } from "@/lib/i18n";
|
||||
|
||||
const publicPaths = ["/login", "/forgot-password", "/reset-password", "/unauthorized", "/invite", "/auth"];
|
||||
|
||||
function isPublicPath(pathname: string) {
|
||||
return publicPaths.some((path) => pathname === path || pathname.startsWith(`${path}/`));
|
||||
}
|
||||
|
||||
async function decodeSessionCookie(value: string) {
|
||||
return (await parseSessionCookie(value)) as null | { role: UserRole };
|
||||
}
|
||||
|
||||
export async function middleware(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl;
|
||||
const response = NextResponse.next();
|
||||
|
||||
if (pathname.startsWith("/_next") || pathname.includes(".")) {
|
||||
return response;
|
||||
}
|
||||
|
||||
const sessionCookie = request.cookies.get(SESSION_COOKIE)?.value;
|
||||
const session = sessionCookie ? await decodeSessionCookie(sessionCookie) : null;
|
||||
const localeCookie = request.cookies.get(LOCALE_COOKIE)?.value;
|
||||
const acceptLanguage = request.headers.get("accept-language")?.toLowerCase() || "";
|
||||
|
||||
if (!localeCookie) {
|
||||
const detected = acceptLanguage.includes("id") ? "id" : acceptLanguage.includes("en") ? "en" : DEFAULT_LOCALE;
|
||||
response.cookies.set(LOCALE_COOKIE, detected, {
|
||||
path: "/",
|
||||
maxAge: 365 * 24 * 60 * 60,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax"
|
||||
});
|
||||
} else if (!isLocale(localeCookie)) {
|
||||
response.cookies.set(LOCALE_COOKIE, DEFAULT_LOCALE, {
|
||||
path: "/",
|
||||
maxAge: 365 * 24 * 60 * 60,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax"
|
||||
});
|
||||
}
|
||||
|
||||
if (!session && !isPublicPath(pathname) && pathname !== "/") {
|
||||
const loginUrl = new URL("/login", request.url);
|
||||
loginUrl.searchParams.set("next", pathname);
|
||||
return NextResponse.redirect(loginUrl);
|
||||
}
|
||||
|
||||
if (session && (pathname === "/" || pathname === "/login")) {
|
||||
return NextResponse.redirect(new URL(getDefaultPathForRole(session.role), request.url));
|
||||
}
|
||||
|
||||
if (session && !isPublicPath(pathname) && !canAccessPath(session.role, pathname)) {
|
||||
return NextResponse.redirect(new URL("/unauthorized", request.url));
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: ["/((?!api).*)"]
|
||||
};
|
||||
Reference in New Issue
Block a user