Files
CRM_ENVR/src/middleware.ts
T

56 lines
1.3 KiB
TypeScript

import { NextResponse } from "next/server"
import type { NextRequest } from "next/server"
import { jwtVerify } from "jose"
const JWT_SECRET = new TextEncoder().encode(
process.env.JWT_SECRET || "fallback-dev-secret-do-not-use-in-production"
)
const publicRoutes = [
"/login",
"/api/auth/login",
"/api/auth/logout",
"/_next/static",
"/_next/image",
"/favicon.ico",
"/logo",
"/fonts",
]
export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl
const isPublic = publicRoutes.some(
(route) => pathname === route || pathname.startsWith(route + "/") || pathname.startsWith(route)
)
if (pathname === "/api/auth/me") {
return NextResponse.next()
}
if (isPublic) {
return NextResponse.next()
}
const sessionCookie = request.cookies.get("session")?.value
if (!sessionCookie) {
const loginUrl = new URL("/login", request.url)
loginUrl.searchParams.set("redirect", pathname)
return NextResponse.redirect(loginUrl)
}
try {
await jwtVerify(sessionCookie, JWT_SECRET)
return NextResponse.next()
} catch {
const loginUrl = new URL("/login", request.url)
loginUrl.searchParams.set("redirect", pathname)
return NextResponse.redirect(loginUrl)
}
}
export const config = {
matcher: ["/((?!_next/static|_next/image|favicon.ico|logo|fonts).*)"],
}