Commit c05aadd

committed
CCM-8590: initial
1 parent 44f3669 commit c05aadd

1 file changed

+40
-7
lines changed


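--- a/frontend/src/middleware.ts
+++ b/frontend/src/middleware.ts
@@ -2,6 +2,39 @@ import { NextResponse, type NextRequest } from 'next/server';
 import { getAccessTokenServer } from '@utils/amplify-utils';
 import { getBasePath } from '@utils/get-base-path';
 
+const protectedPaths = [
+  /^\/choose-a-template-type$/,
+  /^\/copy-template\/[^/]+$/,
+  /^\/create-email-template$/,
+  /^\/create-nhs-app-template$/,
+  /^\/create-text-message-template$/,
+  /^\/delete-template\/[^/]+$/,
+  /^\/edit-email-template\/[^/]+$/,
+  /^\/edit-nhs-app-template/,
+  /^\/edit-text-message-template\/[^/]+$/,
+  /^\/email-template-submitted\/[^/]+$/,
+  /^\/invalid-template$/,
+  /^\/manage-templates$/,
+  /^\/nhs-app-template-submitted\/[^/]+$/,
+  /^\/preview-email-template\/[^/]+$/,
+  /^\/preview-nhs-app-template\/[^/]+$/,
+  /^\/preview-text-message-template\/[^/]+$/,
+  /^\/submit-email-template\/[^/]+$/,
+  /^\/submit-nhs-app-template\/[^/]+$/,
+  /^\/submit-text-message-template\/[^/]+$/,
+  /^\/text-message-template-submitted\/[^/]+$/,
+  /^\/view-submitted-email-template\/[^/]+$/,
+  /^\/view-submitted-nhs-app-template\/[^/]+$/,
+  /^\/view-submitted-text-message-template\/[^/]+$/,
+];
+
+const publicPaths = [
+  /^\/create-and-submit-templates$/,
+  /^\/auth$/,
+  /^\/auth\/signin$/,
+  /^\/auth\/signout$/,
+];
+
 function getContentSecurityPolicy(nonce: string) {
   const contentSecurityPolicyDirective = {
     'base-uri': [`'self'`],
@@ -28,21 +61,17 @@ function getContentSecurityPolicy(nonce: string) {
     .join('; ');
 }
 
-function isPublicPath(path: string, publicPaths: string[]): boolean {
-  return publicPaths.some((publicPath) => path.startsWith(publicPath));
-}
-
 export async function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+
   const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
 
   const csp = getContentSecurityPolicy(nonce);
 
   const requestHeaders = new Headers(request.headers);
   requestHeaders.set('Content-Security-Policy', csp);
 
-  const publicPaths = ['/create-and-submit-templates', '/auth', '/lib'];
-
-  if (isPublicPath(request.nextUrl.pathname, publicPaths)) {
+  if (publicPaths.some((p) => p.test(pathname))) {
     const publicPathResponse = NextResponse.next({
       request: {
         headers: requestHeaders,
@@ -54,6 +83,10 @@ export async function middleware(request: NextRequest) {
     return publicPathResponse;
   }
 
+  if (!protectedPaths.some((p) => p.test(pathname))) {
+    return new NextResponse('Page not found', { status: 404 });
+  }
+
   const token = await getAccessTokenServer();
 
   if (!token) {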
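Review bot: The `/^\/edit-nhs-app-template/` entry in `protectedPaths` is the only pattern without a `\/[^/]+$` tail and a `$` anchor, so it admits `/edit-nhs-app-templateX` and any deeper path under it into the authenticated branch instead of the new default 404; unless that is deliberate it should read `/^\/edit-nhs-app-template\/[^/]+$/,` to match its siblings. The 404 returned for unlisted paths is a bare `new NextResponse('Page not found', { status: 404 })`, so it carries none of the headers the other branches build — if the public-path and authenticated responses set `Content-Security-Policy` on the response (that part of the function is outside the hunk), the error response should get the same header, e.g. `{ status: 404, headers: { 'Content-Security-Policy': csp } }`. The removed list allowed `/lib` and anything under `/auth` by prefix, while the new `publicPaths` only admit `/auth`, `/auth/signin` and `/auth/signout` exactly; any other auth route or `/lib` asset not excluded by the middleware `matcher` (not visible here) will now 404, which is worth confirming against the deployed routes. The body of `middleware` continues past the end of the hunk.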
