forked from EddieHubCommunity/BioDrop
-
Notifications
You must be signed in to change notification settings - Fork 1
/
middleware.js
110 lines (96 loc) · 2.94 KB
/
middleware.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";
// note: logger is not available in middleware, using console.log instead
export const config = {
matcher: [
"/",
// account management
"/account/:path*",
"/api/account/:path*",
// admin section
"/admin/:path*",
"/api/admin/:path*",
],
};
export async function middleware(req) {
const protocol = process.env.NODE_ENV === "development" ? "http" : "https";
const hostname = req.headers.get("host");
const reqPathName = req.nextUrl.pathname;
const sessionRequired = ["/account", "/api/account"];
const adminRequired = ["/admin", "/api/admin"];
const adminUsers = process.env.ADMIN_USERS.split(",");
const hostedDomain = process.env.NEXT_PUBLIC_BASE_URL.replace(
/http:\/\/|https:\/\//,
"",
);
const hostedDomains = [hostedDomain, `www.${hostedDomain}`];
// if custom domain + on root path
if (!hostedDomains.includes(hostname) && reqPathName === "/") {
console.log(`custom domain used: "${hostname}"`);
let res;
let profile;
let url = `${
process.env.NEXT_PUBLIC_BASE_URL
}/api/search/${encodeURIComponent(hostname)}`;
try {
res = await fetch(url, {
method: "GET",
headers: {
"Content-Type": "application/json",
},
});
profile = await res.json();
} catch (e) {
console.error(url, e);
return NextResponse.error(e);
}
if (
profile?.username &&
profile.user.type === "premium" &&
profile.settings?.domain &&
profile.settings.domain === hostname
) {
console.log(
`custom domain matched "${hostname}" for username "${profile.username}" (protocol: "${protocol}")`,
);
// if match found rewrite to custom domain and display profile page
return NextResponse.rewrite(
new URL(
`/${profile.username}`,
`${protocol}://${profile.settings.domain}`,
),
);
}
console.error(`custom domain NOT matched "${hostname}"`);
}
// if not in sessionRequired or adminRequired, skip
if (
!sessionRequired
.concat(adminRequired)
.some((path) => reqPathName.startsWith(path))
) {
return NextResponse.next();
}
const session = await getToken({
req: req,
secret: process.env.NEXTAUTH_SECRET,
});
// if no session reject request
if (!session) {
if (reqPathName.startsWith("/api")) {
return NextResponse.json({}, { status: 401 });
}
return NextResponse.redirect(new URL("/auth/signin", req.url));
}
const username = session.username;
// if admin request check user is allowed
if (adminRequired.some((path) => reqPathName.startsWith(path))) {
if (!adminUsers.includes(username)) {
if (reqPathName.startsWith("/api")) {
return NextResponse.json({}, { status: 401 });
}
return NextResponse.redirect(new URL("/404", req.url));
}
}
return NextResponse.next();
}