forked from Divith123/AIRA
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.ts
More file actions
55 lines (45 loc) · 1.56 KB
/
proxy.ts
File metadata and controls
55 lines (45 loc) · 1.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
import { getToken } from "next-auth/jwt";
import { NextResponse, type NextRequest } from "next/server";
const PUBLIC_PATHS = ["/login", "/health", "/metrics", "/webhook"];
function isPublicPath(pathname: string) {
if (PUBLIC_PATHS.includes(pathname)) return true;
if (pathname.startsWith("/.well-known")) return true;
if (pathname.startsWith("/api/auth")) return true;
if (pathname.startsWith("/api/health")) return true;
if (pathname.startsWith("/api/metrics")) return true;
if (pathname.startsWith("/api/webhook")) return true;
return false;
}
export async function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
if (pathname.startsWith("/api")) {
return NextResponse.next();
}
const secret =
process.env.NEXTAUTH_SECRET || process.env.AUTH_SECRET || process.env.JWT_SECRET;
const sessionToken = secret
? await getToken({
req: request,
secret,
})
: null;
const legacyToken = request.cookies.get("token")?.value;
const authenticated = Boolean(sessionToken || legacyToken);
if (pathname === "/login" && authenticated) {
return NextResponse.redirect(new URL("/", request.url));
}
if (isPublicPath(pathname)) {
return NextResponse.next();
}
if (!authenticated) {
const loginUrl = new URL("/login", request.url);
loginUrl.searchParams.set("next", pathname);
return NextResponse.redirect(loginUrl);
}
return NextResponse.next();
}
export const config = {
matcher: [
"/((?!_next|favicon.ico|sitemap.xml|robots.txt|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
],
};