@@ -68,6 +68,9 @@ async function gqlQueryFetch(req: NextRequest, query: gqlQuery) {
6868 } ) ;
6969}
7070
71+ /// Get the current user from the backend
72+ /// @param req - NextRequest
73+ /// @returns Promise<number | null> - user id or null if not logged in
7174async function getCurrentUser ( req : NextRequest ) : Promise < number | null > {
7275 const { cookies } = req ;
7376 const hasSession = cookies . has ( "sessionid" ) ;
@@ -125,19 +128,7 @@ async function getCurrentUser(req: NextRequest): Promise<number | null> {
125128 return null ;
126129}
127130
128- /// Check if user is logged in
129- /// @param req - NextRequest
130- /// @returns boolean
131- /// Checks both sessionid and makes a request to the backend to check if the session is valid
132- /// log incorrect requests but don't throw errors
133- async function isLoggedIn ( req : NextRequest ) {
134- const user = await getCurrentUser ( req ) ;
135- if ( ! user ) {
136- return false ;
137- }
138- return true ;
139- }
140-
131+ /// Get language code from the url
141132function getLocalizationFromUrl ( url : URL ) : LocalizationLanguages {
142133 // frontpage has no trailing slash
143134 if ( url . pathname . startsWith ( "/en/" ) || url . pathname === "/en" ) {
@@ -151,13 +142,20 @@ function getLocalizationFromUrl(url: URL): LocalizationLanguages {
151142
152143/// Save user language to the backend if it has changed
153144/// @param req - NextRequest
145+ /// @param user - user id or null if not logged in
154146/// @returns Promise<string | undefined> - the new language or undefined if it hasn't changed
155147/// uses the following cookies: sessionid, csrftoken, (language)
156148/// only saves the language if the user is logged in
157149/// NOTE The responsibility to update the cookie is on the caller (who creates the next request).
158- async function maybeSaveUserLanguage ( req : NextRequest ) {
150+ async function maybeSaveUserLanguage (
151+ req : NextRequest ,
152+ user : number | null
153+ ) : Promise < string | undefined > {
159154 const { cookies } = req ;
160155 const url = new URL ( req . url ) ;
156+ if ( user == null ) {
157+ return ;
158+ }
161159 if ( isPageRequest ( url ) ) {
162160 const sessionid = cookies . get ( "sessionid" ) ;
163161 if ( sessionid == null ) {
@@ -169,11 +167,6 @@ async function maybeSaveUserLanguage(req: NextRequest) {
169167 return ;
170168 }
171169
172- const currentUser = await getCurrentUser ( req ) ;
173- if ( currentUser == null ) {
174- return ;
175- }
176-
177170 const query : gqlQuery = {
178171 query : `
179172 mutation SaveUserLanguage($preferredLanguage: PreferredLanguage!) {
@@ -199,11 +192,17 @@ async function maybeSaveUserLanguage(req: NextRequest) {
199192 }
200193}
201194
202- async function redirectProtectedRoute ( req : NextRequest ) {
195+ /// Check if the user is logged in and redirect to the sign in page if not
196+ /// @param req - NextRequest
197+ /// @param user - user id or null if not logged in
198+ /// @returns Promise<string | undefined> - the redirect url or null if no redirect is needed
199+ function getRedirectProtectedRoute (
200+ req : NextRequest ,
201+ user : number | null
202+ ) : string | null {
203203 const { headers } = req ;
204- const isSignedIn = await isLoggedIn ( req ) ;
205204
206- if ( ! isSignedIn ) {
205+ if ( user == null ) {
207206 // on the server we are behind a gateway so get the forwarded headers
208207 // localhost has no headers
209208 const currentUrl = req . url ;
@@ -213,7 +212,7 @@ async function redirectProtectedRoute(req: NextRequest) {
213212 const origin = `${ protocol } ://${ host } ` ;
214213 return getSignInUrl ( apiBaseUrl , url . pathname , origin ) ;
215214 }
216- return undefined ;
215+ return null ;
217216}
218217
219218/// Check if the request is a page request
@@ -269,7 +268,6 @@ function redirectCsrfToken(req: NextRequest): URL | undefined {
269268// matcher syntax: /hard-path/:path* -> /hard-path/anything
270269// our syntax: hard-path
271270const authenticatedRoutes = [
272- "intro" ,
273271 "reservation" , //:path*',
274272 "reservations" , //:path*',
275273 "applications" , //:path*',
@@ -294,14 +292,21 @@ export async function middleware(req: NextRequest) {
294292 return NextResponse . redirect ( redirectUrl ) ;
295293 }
296294
295+ // don't make unnecessary requests to the backend for every asset
296+ if ( ! isPageRequest ( new URL ( req . url ) ) ) {
297+ return NextResponse . next ( ) ;
298+ }
299+
300+ const user = await getCurrentUser ( req ) ;
301+
297302 if ( authenticatedRoutes . some ( ( route ) => doesUrlMatch ( req . url , route ) ) ) {
298- const redirect = await redirectProtectedRoute ( req ) ;
303+ const redirect = getRedirectProtectedRoute ( req , user ) ;
299304 if ( redirect ) {
300305 return NextResponse . redirect ( new URL ( redirect , req . url ) ) ;
301306 }
302307 }
303308
304- const lang = await maybeSaveUserLanguage ( req ) ;
309+ const lang = await maybeSaveUserLanguage ( req , user ) ;
305310
306311 if ( lang != null ) {
307312 const n = NextResponse . next ( ) ;
0 commit comments