-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathmiddleware.ts
More file actions
65 lines (55 loc) · 2.38 KB
/
middleware.ts
File metadata and controls
65 lines (55 loc) · 2.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { updateSession } from "@/lib/supabase/middleware";
import { type NextRequest, NextResponse } from "next/server";
export async function middleware(request: NextRequest) {
// 处理 CORS 预检请求
if (request.method === "OPTIONS") {
return new NextResponse(null, {
status: 200,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization, X-Requested-With",
},
});
}
// 如果 URL 包含 code 参数(OAuth 回调),重定向到 /auth/callback
const code = request.nextUrl.searchParams.get("code");
if (code && request.nextUrl.pathname === "/") {
const callbackUrl = new URL("/auth/callback", request.url);
// 保留所有查询参数
request.nextUrl.searchParams.forEach((value, key) => {
callbackUrl.searchParams.set(key, value);
});
console.log("Redirecting OAuth callback from / to /auth/callback");
return NextResponse.redirect(callbackUrl);
}
// 对于 vocespace API 路由,跳过身份验证,直接处理
if (request.nextUrl.pathname.startsWith("/api/vocespace")) {
// 直接返回 NextResponse.next() 而不调用 updateSession
const response = NextResponse.next();
// 添加 CORS 头部
response.headers.set("Access-Control-Allow-Origin", "*");
response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
return response;
}
// 对于其他 API 路由,正常处理身份验证
if (request.nextUrl.pathname.startsWith("/api/")) {
const response = await updateSession(request);
// 添加 CORS 头部到所有 API 响应
response.headers.set("Access-Control-Allow-Origin", "*");
response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
return response;
}
return await updateSession(request);
}
export const config = {
matcher: [
/*
* Match all request paths including API routes
*/
"/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
"/api/:path*", // 明确包含 API 路由
],
};