import { jwtVerify } from "jose";
import type { JWTPayload } from "jose";
import { NextRequest, NextResponse } from 'next/server';
// Route tables consulted by the middleware. Every table is matched by exact
// `pathname` (`Array.prototype.includes`), never by prefix, so a sub-path of a
// listed route is not covered by that entry.

// `/api/admin/*` endpoints a `guest` token may not call. Any `/api/admin/*`
// path that is NOT listed here is reachable with a guest token (deny-list).
const ONLY_ADMIN_API_ROUTES = [
  '/api/admin/change_state',
  // category management
  '/api/admin/categories/create',
  '/api/admin/categories/delete',
  // storefront layout assets
  '/api/admin/layout_contents/update_banner_image',
  '/api/admin/layout_contents/update_banner',
  '/api/admin/layout_contents/update_logo',
  // product catalogue
  '/api/admin/products/create',
  '/api/admin/products/delete',
  '/api/admin/products/update',
  '/api/admin/products/upload_images',
];

// Non-admin `/api/*` endpoints a `guest` token may not call (profile upload and
// the payment-intent pair).
const GUEST_DENIED_ROUTES = [
  '/api/user/upload_profile_image',
  '/api/create-payment-intent',
  '/api/verify-payment-intent',
];

// Endpoints that pass through with no token at all. Note that
// `/api/admin/layout_contents` itself is public while its `update_*` children
// above are admin-only; the exact-match rule is what keeps those separate.
const WHITELIST_ROUTES = [
  '/api/user/sign_in',
  '/api/user/sign_up',
  '/api/admin/layout_contents',
  '/api/categories',
  '/api/products',
  '/api/search',
];
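// RFC 6750 scheme prefix; the existing clients send the bare token, which is
// left untouched by this pattern. Hoisted so it is not rebuilt per request.
const BEARER_PREFIX = /^Bearer\s+/i;

/**
 * Builds the project's JSON error envelope (`{ status: 'error', message }`) with an
 * explicit HTTP status. The previous responses carried a 200, which hid the denial
 * from `res.ok` checks, reverse proxies and access logs.
 *
 * @param httpStatus HTTP status to send (401 for missing/invalid token, 403 for role denial).
 * @param message Human-readable reason; kept byte-identical to the existing messages.
 */
function deny(httpStatus: number, message: string): NextResponse {
  return NextResponse.json({ status: 'error', message }, { status: httpStatus });
}

/**
 * Verifies the HS256 JWT carried in the `authorization` header.
 *
 * Returns the verified payload, or `null` whenever the request cannot be trusted:
 * header absent, `JWT_SECRET` not configured, or jose rejected the token (bad
 * signature, wrong `alg`, expired, malformed). It never throws, so a bad token is
 * turned into a 401 by the caller instead of surfacing as an unhandled 500.
 *
 * @param req Incoming request; only the `authorization` header is read.
 */
async function verifiedPayload(req: NextRequest): Promise<JWTPayload | null> {
  const header = req.headers.get("authorization");
  const secret = process.env.JWT_SECRET;
  if (!header || !secret) {
    return null;
  }
  const token = header.replace(BEARER_PREFIX, "");
  try {
    // TextEncoder is a Web API present in both the Node and Edge runtimes; Node's
    // Buffer is not guaranteed in the Edge runtime where middleware may execute.
    const { payload } = await jwtVerify(token, new TextEncoder().encode(secret), {
      algorithms: ["HS256"],
    });
    return payload;
  } catch {
    // Any verification failure is treated the same way: unauthenticated.
    return null;
  }
}

/**
 * Route-level authorization for the `/api` surface.
 *
 * - `WHITELIST_ROUTES` (exact path match) pass with no token.
 * - `/api/admin/*`: a verified token is required. `guest` tokens are refused on
 *   `ONLY_ADMIN_API_ROUTES` (a deny-list: an admin route not listed there is
 *   reachable by guests — consider inverting to an allow-list), `admin` tokens
 *   pass, any other `role` value (including a missing claim) is refused.
 * - other `/api/*`: a verified token is required. `guest` tokens are refused on
 *   `GUEST_DENIED_ROUTES` and on `POST /api/user`; everything else passes,
 *   including tokens with no `role` claim (unchanged from the original).
 * - non-`/api` paths are passed through. No `config.matcher` is exported, so the
 *   middleware runs for every request.
 *
 * Denials use the `{ status: 'error', message }` envelope with 401 (no/invalid
 * token) or 403 (role not permitted).
 *
 * @param req Incoming request.
 * @returns `NextResponse.next()` to continue, or a JSON error response.
 */
export default async function middleware(req: NextRequest) {
  const path = req.nextUrl.pathname;

  if (WHITELIST_ROUTES.includes(path)) {
    return NextResponse.next();
  }

  if (path.startsWith('/api/admin')) {
    const user = await verifiedPayload(req);
    if (user === null) {
      return deny(401, 'A valid access token is required.');
    }
    if (user.role === 'guest' && ONLY_ADMIN_API_ROUTES.includes(path)) {
      return deny(403, 'Only admin accounts are permitted for this action. Guest accounts are not allowed.');
    }
    if (user.role === 'guest' || user.role === 'admin') {
      return NextResponse.next();
    }
    return deny(403, 'Only admin accounts are permitted for this action.');
  }

  if (path.startsWith('/api')) {
    const user = await verifiedPayload(req);
    if (user === null) {
      return deny(401, 'A valid access token is required.');
    }
    const guestBlocked =
      GUEST_DENIED_ROUTES.includes(path) || (path === '/api/user' && req.method === 'POST');
    if (user.role === 'guest' && guestBlocked) {
      return deny(403, 'Guest accounts are not permitted for this action.');
    }
    return NextResponse.next();
  }

  // Non-API paths are not subject to any check (same as the implicit fall-through before).
  return NextResponse.next();
}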