88 lines
2.4 KiB
JavaScript
88 lines
2.4 KiB
JavaScript
import { NextResponse } from "next/server";
|
|
import { cookies } from "next/headers";
|
|
|
|
const checkAuthentication = async () => {
|
|
const token = req.cookies["cmc-token"]; // Access the token from cookies
|
|
console.log("checking token", token);
|
|
const isAuthenticated = token ? true : false; // Check if the user is authenticated.
|
|
return isAuthenticated;
|
|
};
|
|
|
|
const isTokenValid = () => {
|
|
if (typeof window === "undefined") {
|
|
return false; // Don't execute this code on the server-side
|
|
}
|
|
|
|
const cookies = document.cookie.split("; "); // Get all cookies and split them into an array
|
|
|
|
for (const cookie of cookies) {
|
|
const [name, value] = cookie.split("="); // Split the cookie into its name and value
|
|
|
|
if (name.trim() === "cmc-token" && value) {
|
|
return true; // The cmc-token cookie exists
|
|
}
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export async function middleware(req) {
|
|
const token = isTokenValid();
|
|
// req.cookies["cmc-token"]; // Access the token from cookies
|
|
const cookieList = cookies();
|
|
|
|
const headers = new Headers(req.headers);
|
|
headers.set("X-XSS-Protection", "1; mode=block");
|
|
headers.set("X-Frame-Options", "SAMEORIGIN");
|
|
headers.set("Content-Security-Policy", "frame-ancestors 'same';");
|
|
|
|
const { origin, pathname } = req.nextUrl;
|
|
|
|
try {
|
|
if (pathname === "/auth/login" && token) {
|
|
// Redirect to the home page if already authenticated
|
|
return NextResponse.redirect(new URL("/"), { status: 307 });
|
|
}
|
|
|
|
if (!authenticationPages.includes(pathname) && !token) {
|
|
// Redirect to the login page if not authenticated
|
|
return NextResponse.redirect(new URL("/auth/login", origin), {
|
|
status: 307,
|
|
});
|
|
}
|
|
|
|
// Add authentication logic here (verify the token, etc.)
|
|
// const isAuthenticated = verifyToken(token);
|
|
const isAuthenticated = cookieList.has("cmc-token");
|
|
console.log(token);
|
|
|
|
if (!isAuthenticated) {
|
|
// Handle unauthenticated users
|
|
return NextResponse.error(new Error("Authentication failed"), {
|
|
status: 401,
|
|
});
|
|
}
|
|
|
|
// Continue with the request if authenticated
|
|
return NextResponse.next();
|
|
} catch (error) {
|
|
console.error("Error during authentication check:", error);
|
|
return NextResponse.error();
|
|
}
|
|
}
|
|
|
|
export const config = {
|
|
matcher: "/",
|
|
};
|
|
|
|
const authenticationPages = [
|
|
// "/",
|
|
"/auth",
|
|
"/auth/login",
|
|
"/auth/sign-up",
|
|
"/auth/forgot-password",
|
|
"/auth/lock-screen",
|
|
"/auth/confirm-mail",
|
|
"/auth/logout",
|
|
];
|