atridad/pollo
1
0
Fork 0
Code Activity Actions

Middleware fixes

Browse source
This commit is contained in:
Atridad Lahiji 2023-10-16 20:18:53 -03:00 committed by atridadl
parent 9deec3ff9e
commit 61aae99678
No known key found for this signature in database
1 changed files with 66 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
middleware.ts
View file

@ -1,6 +1,6 @@
import { authMiddleware } from "@clerk/nextjs"; import { authMiddleware, redirectToSignIn } from "@clerk/nextjs";
import { validateRequest } from "./app/_lib/unkey"; import { validateRequest } from "./app/_lib/unkey";
import { NextRequest, NextResponse } from "next/server"; import { NextResponse } from "next/server";
import { Ratelimit } from "@upstash/ratelimit"; import { Ratelimit } from "@upstash/ratelimit";
import { Redis } from "@upstash/redis"; import { Redis } from "@upstash/redis";
import { env } from "./env.mjs"; import { env } from "./env.mjs";
@ -16,28 +16,73 @@ const rateLimit = new Ratelimit({
export default authMiddleware({ export default authMiddleware({
ignoredRoutes: ["/"], ignoredRoutes: ["/"],
publicRoutes: ["/api/external/(.*)", "/api/webhooks/(.*)"], publicRoutes: [
apiRoutes: ["/api/internal/(.*)"], "/api/external/public/(.*)",
beforeAuth: async (req: NextRequest) => { "/api/webhooks",
"/api/webhooks/(.*)",
],
afterAuth: async (auth, req) => {
if (!auth.userId && auth.isPublicRoute) {
const { success } = await rateLimit.limit(req.ip || ""); const { success } = await rateLimit.limit(req.ip || "");
if (success) { if (success) {
if (req.nextUrl.pathname.includes("/api/external/private")) { return NextResponse.next();
const isValid = await validateRequest(req); }
return new NextResponse("TOO MANY REQUESTS", {
status: 429,
statusText: "Too many requests!",
});
}
if (!isValid) { if (req.nextUrl.pathname.includes("/api/internal")) {
const { success } = await rateLimit.limit(req.ip || "");
if (!success) {
return new NextResponse("TOO MANY REQUESTS", {
status: 429,
statusText: "Too many requests!",
});
}
if (auth.userId) {
return NextResponse.next();
} else {
return new NextResponse("UNAUTHORIZED", { return new NextResponse("UNAUTHORIZED", {
status: 403, status: 403,
statusText: "Unauthorized!", statusText: "Unauthorized!",
}); });
} }
} }
return NextResponse.next();
}
if (req.nextUrl.pathname.includes("/api/external/private")) {
const { success } = await rateLimit.limit(req.ip || "");
if (!success) {
return new NextResponse("TOO MANY REQUESTS", { return new NextResponse("TOO MANY REQUESTS", {
status: 429, status: 429,
statusText: "Too many requests!", statusText: "Too many requests!",
}); });
}
const isValid = await validateRequest(req);
if (isValid) {
return NextResponse.next();
} else {
return new NextResponse("UNAUTHORIZED", {
status: 403,
statusText: "Unauthorized!",
});
}
}
if (!auth.userId && !auth.isPublicRoute) {
if (req.nextUrl.pathname.includes("/api")) {
return NextResponse.next();
}
// This is annoying...
// eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-explicit-any
return redirectToSignIn({ returnBackUrl: req.url });
}
}, },
}); });