mirror of
https://github.com/eggent-ai/eggent.git
synced 2026-03-07 10:03:19 +00:00
105 lines
2.8 KiB
TypeScript
105 lines
2.8 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { AUTH_COOKIE_NAME, verifySessionToken } from "@/lib/auth/session";
|
|
|
|
function isPublicPage(pathname: string): boolean {
|
|
return pathname === "/login";
|
|
}
|
|
|
|
function isPublicApi(req: NextRequest, pathname: string): boolean {
|
|
if (pathname === "/api/health") return true;
|
|
if (pathname === "/api/auth/login") return true;
|
|
if (pathname === "/api/auth/logout") return true;
|
|
if (pathname === "/api/auth/status") return true;
|
|
if (pathname === "/api/external/message") return true;
|
|
if (pathname === "/api/integrations/telegram" && req.method === "POST") {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function shouldBypass(pathname: string): boolean {
|
|
if (/\.[^/]+$/.test(pathname)) {
|
|
return true;
|
|
}
|
|
if (
|
|
pathname.startsWith("/_next/static") ||
|
|
pathname.startsWith("/_next/image") ||
|
|
pathname === "/favicon.ico" ||
|
|
pathname === "/robots.txt" ||
|
|
pathname === "/sitemap.xml"
|
|
) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function buildLoginRedirect(req: NextRequest): NextResponse {
|
|
const loginUrl = new URL("/login", req.url);
|
|
const next = `${req.nextUrl.pathname}${req.nextUrl.search}`;
|
|
if (next && next !== "/") {
|
|
loginUrl.searchParams.set("next", next);
|
|
}
|
|
return NextResponse.redirect(loginUrl);
|
|
}
|
|
|
|
function buildCredentialsOnboardingRedirect(req: NextRequest): NextResponse {
|
|
const url = new URL("/dashboard/projects", req.url);
|
|
url.searchParams.set("onboarding", "1");
|
|
url.searchParams.set("credentials", "1");
|
|
return NextResponse.redirect(url);
|
|
}
|
|
|
|
export async function middleware(req: NextRequest) {
|
|
const { pathname } = req.nextUrl;
|
|
|
|
if (shouldBypass(pathname)) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
if (pathname.startsWith("/api/") && isPublicApi(req, pathname)) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
const token = req.cookies.get(AUTH_COOKIE_NAME)?.value || "";
|
|
const session = token ? await verifySessionToken(token) : null;
|
|
|
|
if (isPublicPage(pathname)) {
|
|
if (session) {
|
|
if (session.mustChangeCredentials) {
|
|
return buildCredentialsOnboardingRedirect(req);
|
|
}
|
|
return NextResponse.redirect(new URL("/dashboard", req.url));
|
|
}
|
|
return NextResponse.next();
|
|
}
|
|
|
|
if (!session) {
|
|
if (pathname.startsWith("/api/")) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
return buildLoginRedirect(req);
|
|
}
|
|
|
|
if (
|
|
session.mustChangeCredentials &&
|
|
pathname.startsWith("/dashboard") &&
|
|
pathname !== "/dashboard/projects"
|
|
) {
|
|
return buildCredentialsOnboardingRedirect(req);
|
|
}
|
|
|
|
if (
|
|
session.mustChangeCredentials &&
|
|
pathname === "/dashboard/projects" &&
|
|
req.nextUrl.searchParams.get("credentials") !== "1"
|
|
) {
|
|
return buildCredentialsOnboardingRedirect(req);
|
|
}
|
|
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: ["/:path*"],
|
|
};
|