Middleware fixes
This commit is contained in:
parent
b265a5c6e4
commit
01b6a9a442
1 changed files with 66 additions and 21 deletions
|
|
@ -1,6 +1,6 @@
|
||||||
import { authMiddleware } from "@clerk/nextjs";
|
import { authMiddleware, redirectToSignIn } from "@clerk/nextjs";
|
||||||
import { validateRequest } from "./app/_lib/unkey";
|
import { validateRequest } from "./app/_lib/unkey";
|
||||||
import { NextRequest, NextResponse } from "next/server";
|
import { NextResponse } from "next/server";
|
||||||
import { Ratelimit } from "@upstash/ratelimit";
|
import { Ratelimit } from "@upstash/ratelimit";
|
||||||
import { Redis } from "@upstash/redis";
|
import { Redis } from "@upstash/redis";
|
||||||
import { env } from "./env.mjs";
|
import { env } from "./env.mjs";
|
||||||
|
|
@ -16,28 +16,73 @@ const rateLimit = new Ratelimit({
|
||||||
|
|
||||||
export default authMiddleware({
|
export default authMiddleware({
|
||||||
ignoredRoutes: ["/"],
|
ignoredRoutes: ["/"],
|
||||||
publicRoutes: ["/api/external/(.*)", "/api/webhooks/(.*)"],
|
publicRoutes: [
|
||||||
apiRoutes: ["/api/internal/(.*)"],
|
"/api/external/public/(.*)",
|
||||||
beforeAuth: async (req: NextRequest) => {
|
"/api/webhooks",
|
||||||
const { success } = await rateLimit.limit(req.ip || "");
|
"/api/webhooks/(.*)",
|
||||||
if (success) {
|
],
|
||||||
if (req.nextUrl.pathname.includes("/api/external/private")) {
|
afterAuth: async (auth, req) => {
|
||||||
const isValid = await validateRequest(req);
|
if (!auth.userId && auth.isPublicRoute) {
|
||||||
|
const { success } = await rateLimit.limit(req.ip || "");
|
||||||
if (!isValid) {
|
if (success) {
|
||||||
return new NextResponse("UNAUTHORIZED", {
|
return NextResponse.next();
|
||||||
status: 403,
|
|
||||||
statusText: "Unauthorized!",
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return NextResponse.next();
|
return new NextResponse("TOO MANY REQUESTS", {
|
||||||
|
status: 429,
|
||||||
|
statusText: "Too many requests!",
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
return new NextResponse("TOO MANY REQUESTS", {
|
if (req.nextUrl.pathname.includes("/api/internal")) {
|
||||||
status: 429,
|
const { success } = await rateLimit.limit(req.ip || "");
|
||||||
statusText: "Too many requests!",
|
|
||||||
});
|
if (!success) {
|
||||||
|
return new NextResponse("TOO MANY REQUESTS", {
|
||||||
|
status: 429,
|
||||||
|
statusText: "Too many requests!",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (auth.userId) {
|
||||||
|
return NextResponse.next();
|
||||||
|
} else {
|
||||||
|
return new NextResponse("UNAUTHORIZED", {
|
||||||
|
status: 403,
|
||||||
|
statusText: "Unauthorized!",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.nextUrl.pathname.includes("/api/external/private")) {
|
||||||
|
const { success } = await rateLimit.limit(req.ip || "");
|
||||||
|
|
||||||
|
if (!success) {
|
||||||
|
return new NextResponse("TOO MANY REQUESTS", {
|
||||||
|
status: 429,
|
||||||
|
statusText: "Too many requests!",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const isValid = await validateRequest(req);
|
||||||
|
|
||||||
|
if (isValid) {
|
||||||
|
return NextResponse.next();
|
||||||
|
} else {
|
||||||
|
return new NextResponse("UNAUTHORIZED", {
|
||||||
|
status: 403,
|
||||||
|
statusText: "Unauthorized!",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!auth.userId && !auth.isPublicRoute) {
|
||||||
|
if (req.nextUrl.pathname.includes("/api")) {
|
||||||
|
return NextResponse.next();
|
||||||
|
}
|
||||||
|
// This is annoying...
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-explicit-any
|
||||||
|
return redirectToSignIn({ returnBackUrl: req.url });
|
||||||
|
}
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue