Initial commit

2026-03-07 18:13:07 +00:00 · 2026-02-25 16:14:15 +03:00
commit 75ab0cecf0
254 changed files with 113531 additions and 0 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,104 @@
+import { NextRequest, NextResponse } from "next/server";
+import { AUTH_COOKIE_NAME, verifySessionToken } from "@/lib/auth/session";
+
+function isPublicPage(pathname: string): boolean {
+  return pathname === "/login";
+}
+
+function isPublicApi(req: NextRequest, pathname: string): boolean {
+  if (pathname === "/api/health") return true;
+  if (pathname === "/api/auth/login") return true;
+  if (pathname === "/api/auth/logout") return true;
+  if (pathname === "/api/auth/status") return true;
+  if (pathname === "/api/external/message") return true;
+  if (pathname === "/api/integrations/telegram" && req.method === "POST") {
+    return true;
+  }
+  return false;
+}
+
+function shouldBypass(pathname: string): boolean {
+  if (/\.[^/]+$/.test(pathname)) {
+    return true;
+  }
+  if (
+    pathname.startsWith("/_next/static") ||
+    pathname.startsWith("/_next/image") ||
+    pathname === "/favicon.ico" ||
+    pathname === "/robots.txt" ||
+    pathname === "/sitemap.xml"
+  ) {
+    return true;
+  }
+  return false;
+}
+
+function buildLoginRedirect(req: NextRequest): NextResponse {
+  const loginUrl = new URL("/login", req.url);
+  const next = `${req.nextUrl.pathname}${req.nextUrl.search}`;
+  if (next && next !== "/") {
+    loginUrl.searchParams.set("next", next);
+  }
+  return NextResponse.redirect(loginUrl);
+}
+
+function buildCredentialsOnboardingRedirect(req: NextRequest): NextResponse {
+  const url = new URL("/dashboard/projects", req.url);
+  url.searchParams.set("onboarding", "1");
+  url.searchParams.set("credentials", "1");
+  return NextResponse.redirect(url);
+}
+
+export async function middleware(req: NextRequest) {
+  const { pathname } = req.nextUrl;
+
+  if (shouldBypass(pathname)) {
+    return NextResponse.next();
+  }
+
+  if (pathname.startsWith("/api/") && isPublicApi(req, pathname)) {
+    return NextResponse.next();
+  }
+
+  const token = req.cookies.get(AUTH_COOKIE_NAME)?.value || "";
+  const session = token ? await verifySessionToken(token) : null;
+
+  if (isPublicPage(pathname)) {
+    if (session) {
+      if (session.mustChangeCredentials) {
+        return buildCredentialsOnboardingRedirect(req);
+      }
+      return NextResponse.redirect(new URL("/dashboard", req.url));
+    }
+    return NextResponse.next();
+  }
+
+  if (!session) {
+    if (pathname.startsWith("/api/")) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    return buildLoginRedirect(req);
+  }
+
+  if (
+    session.mustChangeCredentials &&
+    pathname.startsWith("/dashboard") &&
+    pathname !== "/dashboard/projects"
+  ) {
+    return buildCredentialsOnboardingRedirect(req);
+  }
+
+  if (
+    session.mustChangeCredentials &&
+    pathname === "/dashboard/projects" &&
+    req.nextUrl.searchParams.get("credentials") !== "1"
+  ) {
+    return buildCredentialsOnboardingRedirect(req);
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: ["/:path*"],
+};