2023-10-16 20:18:53 -03:00
|
|
|
import { authMiddleware, redirectToSignIn } from "@clerk/nextjs";
|
2023-09-24 23:49:24 -06:00
|
|
|
import { validateRequest } from "./app/_lib/unkey";
|
2023-10-16 20:18:53 -03:00
|
|
|
import { NextResponse } from "next/server";
|
2023-08-20 01:15:52 -06:00
|
|
|
import { Ratelimit } from "@upstash/ratelimit";
|
|
|
|
|
import { Redis } from "@upstash/redis";
|
|
|
|
|
import { env } from "./env.mjs";
|
|
|
|
|
|
|
|
|
|
const rateLimit = new Ratelimit({
|
|
|
|
|
redis: Redis.fromEnv(),
|
|
|
|
|
limiter: Ratelimit.slidingWindow(
|
|
|
|
|
Number(env.UPSTASH_RATELIMIT_REQUESTS),
|
|
|
|
|
`${Number(env.UPSTASH_RATELIMIT_SECONDS)}s`
|
|
|
|
|
),
|
|
|
|
|
analytics: true,
|
|
|
|
|
});
|
2023-08-12 17:12:42 -06:00
|
|
|
|
|
|
|
|
export default authMiddleware({
|
2023-10-05 00:58:00 -06:00
|
|
|
ignoredRoutes: ["/"],
|
2023-10-16 20:18:53 -03:00
|
|
|
publicRoutes: [
|
|
|
|
|
"/api/external/public/(.*)",
|
|
|
|
|
"/api/webhooks",
|
|
|
|
|
"/api/webhooks/(.*)",
|
|
|
|
|
],
|
|
|
|
|
afterAuth: async (auth, req) => {
|
2023-11-17 18:04:41 -07:00
|
|
|
const isAMA = auth.user?.emailAddresses.map((email) =>
|
|
|
|
|
email.emailAddress.includes("ama.ab.ca")
|
|
|
|
|
);
|
2023-11-17 18:18:41 -07:00
|
|
|
|
|
|
|
|
if (isAMA && isAMA?.length > 0) {
|
|
|
|
|
return NextResponse.redirect(
|
|
|
|
|
"https://www.youtube.com/watch?v=dQw4w9WgXcQ"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-17 18:04:41 -07:00
|
|
|
if (!auth.userId && auth.isPublicRoute && !isAMA) {
|
2023-10-16 20:18:53 -03:00
|
|
|
const { success } = await rateLimit.limit(req.ip || "");
|
|
|
|
|
if (success) {
|
|
|
|
|
return NextResponse.next();
|
2023-08-20 01:15:52 -06:00
|
|
|
}
|
2023-10-16 20:18:53 -03:00
|
|
|
return new NextResponse("TOO MANY REQUESTS", {
|
|
|
|
|
status: 429,
|
|
|
|
|
statusText: "Too many requests!",
|
|
|
|
|
});
|
2023-08-17 20:55:56 -06:00
|
|
|
}
|
|
|
|
|
|
2023-10-16 20:18:53 -03:00
|
|
|
if (req.nextUrl.pathname.includes("/api/internal")) {
|
|
|
|
|
const { success } = await rateLimit.limit(req.ip || "");
|
|
|
|
|
|
|
|
|
|
if (!success) {
|
|
|
|
|
return new NextResponse("TOO MANY REQUESTS", {
|
|
|
|
|
status: 429,
|
|
|
|
|
statusText: "Too many requests!",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (auth.userId) {
|
|
|
|
|
return NextResponse.next();
|
|
|
|
|
} else {
|
|
|
|
|
return new NextResponse("UNAUTHORIZED", {
|
|
|
|
|
status: 403,
|
|
|
|
|
statusText: "Unauthorized!",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (req.nextUrl.pathname.includes("/api/external/private")) {
|
|
|
|
|
const { success } = await rateLimit.limit(req.ip || "");
|
|
|
|
|
|
|
|
|
|
if (!success) {
|
|
|
|
|
return new NextResponse("TOO MANY REQUESTS", {
|
|
|
|
|
status: 429,
|
|
|
|
|
statusText: "Too many requests!",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const isValid = await validateRequest(req);
|
|
|
|
|
|
|
|
|
|
if (isValid) {
|
|
|
|
|
return NextResponse.next();
|
|
|
|
|
} else {
|
|
|
|
|
return new NextResponse("UNAUTHORIZED", {
|
|
|
|
|
status: 403,
|
|
|
|
|
statusText: "Unauthorized!",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!auth.userId && !auth.isPublicRoute) {
|
|
|
|
|
if (req.nextUrl.pathname.includes("/api")) {
|
|
|
|
|
return NextResponse.next();
|
|
|
|
|
}
|
|
|
|
|
// This is annoying...
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-explicit-any
|
|
|
|
|
return redirectToSignIn({ returnBackUrl: req.url });
|
|
|
|
|
}
|
2023-08-17 16:40:09 -06:00
|
|
|
},
|
2023-08-12 17:12:42 -06:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export const config = {
|
2023-09-09 19:25:23 -06:00
|
|
|
matcher: ["/((?!.*\\..*|_next).*)", "/", "/(api)(.*)"],
|
2023-08-12 17:12:42 -06:00
|
|
|
};
|
