-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathmiddleware.ts
More file actions
71 lines (58 loc) · 2.16 KB
/
middleware.ts
File metadata and controls
71 lines (58 loc) · 2.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { getSession } from './app/config/withSession';
import { getHostnameFromRequest } from '@/lib/utils';
// Helper function to call check-access API
async function callCheckAccessAPI(userId: string, urlPath: string, baseUrl: string) {
try {
const basePath = process.env.NEXT_PUBLIC_API_BASE_PATH;
const fullUrl = `${baseUrl}${basePath}/api/auth/check-access`;
const response = await fetch(fullUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
userId,
urlPath
}),
});
if (!response.ok) {
return false;
}
const jsonData = await response.json();
return jsonData.data?.hasAccess;
} catch (error) {
return false;
}
}
export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl;
const hostname = getHostnameFromRequest(request);
const session = await getSession();
// Call check-access API for every page access (except API routes and static files)
if (!pathname.startsWith('/api/') && !pathname.startsWith('/_next/') && !pathname.includes('.') && session?.user?.roleCode === 'USER') {
try {
if (session?.user && session?.user?._id) {
// Call check-access API for every page access
const hasAccess = await callCheckAccessAPI(session?.user?._id, process.env.NEXT_PUBLIC_API_BASE_PATH || '', hostname || '');
// If access is denied, redirect to login page
if (!hasAccess) {
return NextResponse.redirect(new URL('/login', request.url));
} else {
return NextResponse.next();
}
} else {
return NextResponse.redirect(new URL('/login', request.url));
}
} catch (error) {
console.error('Error in middleware check-access call:', error);
// Redirect to login page on error
return NextResponse.redirect(new URL('/login', request.url));
}
}
return NextResponse.next();
}
export const config = {
matcher: ["/((?!.*\\..*|_next).*)", "/", "/(api|trpc)(.*)"],
};