-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmiddleware.ts
36 lines (28 loc) · 1.2 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import { NextMiddlewareWithAuth, withAuth } from 'next-auth/middleware'
import { NextResponse } from 'next/server'
const ADMIN_PAGES_PROTECTED = ['/api/export', '/admin']
const USER_PAGES_PROTECTED = ['/user']
const PROTECTED = [...ADMIN_PAGES_PROTECTED, ...USER_PAGES_PROTECTED]
export const config = {
matcher: ['/api/export/:path*', '/admin/:path*', '/user/:path*'],
}
const nextAuthMiddleware: NextMiddlewareWithAuth = (req) => {
const token = req.nextauth.token
const pathname = req.nextUrl.pathname
const forbidden = NextResponse.rewrite(new URL('/forbidden', req.url))
if (!PROTECTED.some((path) => pathname.startsWith(path)))
return NextResponse.next()
if (!token) return forbidden
if (!token.roles) return forbidden
const isAdmin = token.roles.includes(process.env.ADMIN_ROLE)
const isUser = token.roles.includes(process.env.USER_ROLE)
if (ADMIN_PAGES_PROTECTED.some((path) => pathname.startsWith(path))) {
return isAdmin ? NextResponse.next() : forbidden
}
if (USER_PAGES_PROTECTED.some((path) => path.startsWith(path))) {
return isUser ? NextResponse.next() : forbidden
}
return forbidden
}
const middleware = withAuth(nextAuthMiddleware)
export default middleware