import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { getToken } from 'next-auth/jwt';
import { NextRequestWithAuth, withAuth } from 'next-auth/middleware';
// Auth/role gate for the routes listed in `config.matcher` below; runs inside next-auth's withAuth wrapper.
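export default withAuth(async function middleware(req: NextRequestWithAuth) {
  // withAuth has already decoded the session JWT (using NEXTAUTH_SECRET) and put it
  // on req.nextauth.token, so a second getToken() call per request is not needed.
  const token = req.nextauth.token;
  const requestedPage = req.nextUrl.pathname;
  const validRoles = ['admin', 'SEO'];

  // Extract `role` defensively. The shape of `token.user` is decided by the jwt
  // callback in the NextAuth config (not visible here); a token without a `user`
  // object must fail closed (role undefined -> denied) instead of throwing a
  // TypeError on destructuring, which would surface as a 500 from the middleware.
  const user: unknown = token?.user;
  const role =
    typeof user === 'object' && user !== null && 'role' in user
      ? (user as { role?: unknown }).role
      : undefined;
  const hasAdminRole = typeof role === 'string' && validRoles.includes(role);

  // Checkout only requires an authenticated session, no particular role.
  if (isUnder(requestedPage, '/checkout')) {
    if (!token) {
      // NOTE(review): withAuth's default `authorized` callback (`!!token`) already
      // redirects unauthenticated requests to its own sign-in page before this body
      // runs, so this branch is only reached with a custom `authorized` callback —
      // confirm which login page is the intended one.
      const url = req.nextUrl.clone();
      url.pathname = '/auth/login';
      // Build the query via searchParams so a path containing '&' or '#' cannot
      // split into extra parameters; the original request's query is dropped as
      // before. `page` is a same-site path, but the login page should still verify
      // it is a relative path before redirecting back to it.
      url.search = '';
      url.searchParams.set('page', requestedPage);
      return NextResponse.redirect(new URL(url));
    }
    return NextResponse.next();
  }

  // API routes answer with JSON rather than a redirect so fetch() callers can react.
  // Checked before the page gate because '/api/admin' also contains '/admin'.
  // 401 is kept for client compatibility, although 403 is the accurate status for
  // "authenticated but lacking the role".
  if (isUnder(requestedPage, '/api/admin')) {
    if (!hasAdminRole) {
      return new Response(JSON.stringify({ message: 'Unauthorized' }), {
        status: 401,
        headers: {
          'Content-Type': 'application/json',
        },
      });
    }
    return NextResponse.next();
  }

  // Admin pages: segment-boundary prefix match instead of a substring match, so an
  // unrelated path that merely contains '/admin' is not role-gated by accident.
  if (isUnder(requestedPage, '/admin')) {
    if (!hasAdminRole) {
      return NextResponse.redirect(new URL('/', req.url));
    }
    // Creating products is reserved for the SEO role; other admins are sent back to
    // the product list. Plain prefix match kept from the original (covers sub-paths).
    if (requestedPage.startsWith('/admin/products/new') && role !== 'SEO') {
      return NextResponse.redirect(new URL('/admin/products', req.url));
    }
  }

  return NextResponse.next();
});

/** True when `path` equals `prefix` or is nested beneath it as a whole segment. */
function isUnder(path: string, prefix: string): boolean {
  return path === prefix || path.startsWith(`${prefix}/`);
}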
// Matcher pattern syntax: see the Next.js middleware docs, section "Matching Paths".
export const config = {
  // Routes the middleware runs on. Anything NOT matched here never reaches the role
  // checks above, so every new protected area must be added to this list as well.
  // Per path-to-regexp semantics `:path*` should also match the bare prefix
  // (e.g. '/admin' itself) — verify if an exact-prefix route is added.
  // NOTE(review): Next.js reads this export statically at build time — keep it a
  // plain literal rather than computing it.
  matcher: ['/checkout/:path*', '/admin/:path*', '/api/admin/:path*'],
};