thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/middleware.ts
Tero Halla-aho 61fc8dc5ba Harden auth/role enforcement for admin and listings
2025-12-06 18:12:06 +02:00

40 lines
1.2 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
import { getAuthFromRequest } from './lib/jwt';
const ADMIN_ONLY_PATHS = ['/admin/users'];
const MODERATOR_PATHS = ['/admin/pending'];
function buildLoginRedirect(req: NextRequest) {
const url = new URL('/auth/login', req.url);
url.searchParams.set('redirect', req.nextUrl.pathname + req.nextUrl.search);
return url;
}
export async function middleware(req: NextRequest) {
const { pathname } = req.nextUrl;
if (!pathname.startsWith('/admin')) {
return NextResponse.next();
}
const session = await getAuthFromRequest(req);
if (!session) {
return NextResponse.redirect(buildLoginRedirect(req));
}
const role = session.role;
const isAdminOnly = ADMIN_ONLY_PATHS.some((p) => pathname.startsWith(p));
if (isAdminOnly && role !== 'ADMIN') {
return NextResponse.redirect(new URL('/', req.url));
}
const isModeratorPath = MODERATOR_PATHS.some((p) => pathname.startsWith(p));
if (isModeratorPath && !(role === 'ADMIN' || role === 'USER_MODERATOR' || role === 'LISTING_MODERATOR')) {
return NextResponse.redirect(new URL('/', req.url));
}
return NextResponse.next();
}
export const config = {
matcher: ['/admin/:path*'],
};
Reference in a new issue View git blame Copy permalink