-
Notifications
You must be signed in to change notification settings - Fork 0
/
middleware.ts
72 lines (54 loc) · 1.76 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
import NextAuth from "next-auth";
import authConfig from "./auth.config";
import {
publicRoutes,
authRoutes,
apiAuthPrefix,
DEFAULT_LOGIN_REDIRECT,
} from "./routes";
export const { auth } = NextAuth(authConfig);
export default auth((req) => {
const { nextUrl } = req;
const isLoggedIn = !!req.auth;
// Check if the route is /api/webhook
const isWebhookRoute = nextUrl.pathname === "/api/webhook";
//The are routes that starts with /api/auth
const isApiAuthRoute = nextUrl.pathname.startsWith(apiAuthPrefix);
//These are all the public routes
const isPublicRoute = publicRoutes.includes(nextUrl.pathname);
//These are all the authentication routes
const isAuthRoute = authRoutes.includes(nextUrl.pathname);
if (isWebhookRoute) {
return null; // Do nothing and allow the request to proceed
}
if (nextUrl.pathname.includes("/products")) {
return null;
}
//Do noting if is API auth route
if (isApiAuthRoute) {
return null;
}
//This is to prevent users from going back to the auth page after signing in.
if (isAuthRoute) {
if (isLoggedIn) {
return Response.redirect(new URL(DEFAULT_LOGIN_REDIRECT, nextUrl));
}
return null;
}
//This is to protect all the private routes.
//ensure that when a user logout from a page and logs back in, the user goes back to that page.
if (!isLoggedIn && !isPublicRoute) {
let callbackUrl = nextUrl.pathname;
if (nextUrl.search) {
callbackUrl += nextUrl.search;
}
const encodedCallbackUrl = encodeURIComponent(callbackUrl);
return Response.redirect(
new URL(`/auth/sign-in?callbackUrl=${encodedCallbackUrl}`, nextUrl)
);
}
return null;
});
export const config = {
matcher: ["/((?!.+\\.[\\w]+$|_next).*)", "/", "/(api|trpc)(.*)"],
};