Middleware fixes

2023-10-16 20:18:53 -03:00 · 2023-10-16 20:18:53 -03:00 · 61aae99678
commit 61aae99678
parent 9deec3ff9e
1 changed files with 66 additions and 21 deletions
--- a/middleware.ts
+++ b/middleware.ts
@ -1,6 +1,6 @@
-import { authMiddleware } from "@clerk/nextjs";
+import { authMiddleware, redirectToSignIn } from "@clerk/nextjs";
 import { validateRequest } from "./app/_lib/unkey";
-import { NextRequest, NextResponse } from "next/server";
+import { NextResponse } from "next/server";
 import { Ratelimit } from "@upstash/ratelimit";
 import { Redis } from "@upstash/redis";
 import { env } from "./env.mjs";
@ -16,28 +16,73 @@ const rateLimit = new Ratelimit({

 export default authMiddleware({
  ignoredRoutes: ["/"],
-  publicRoutes: ["/api/external/(.*)", "/api/webhooks/(.*)"],
-  apiRoutes: ["/api/internal/(.*)"],
-  beforeAuth: async (req: NextRequest) => {
+  publicRoutes: [
+    "/api/external/public/(.*)",
+    "/api/webhooks",
+    "/api/webhooks/(.*)",
+  ],
+  afterAuth: async (auth, req) => {
+    if (!auth.userId && auth.isPublicRoute) {
      const { success } = await rateLimit.limit(req.ip || "");
      if (success) {
-      if (req.nextUrl.pathname.includes("/api/external/private")) {
-        const isValid = await validateRequest(req);
+        return NextResponse.next();
+      }
+      return new NextResponse("TOO MANY REQUESTS", {
+        status: 429,
+        statusText: "Too many requests!",
+      });
+    }

-        if (!isValid) {
+    if (req.nextUrl.pathname.includes("/api/internal")) {
+      const { success } = await rateLimit.limit(req.ip || "");
+
+      if (!success) {
+        return new NextResponse("TOO MANY REQUESTS", {
+          status: 429,
+          statusText: "Too many requests!",
+        });
+      }
+
+      if (auth.userId) {
+        return NextResponse.next();
+      } else {
        return new NextResponse("UNAUTHORIZED", {
          status: 403,
          statusText: "Unauthorized!",
        });
      }
    }
-      return NextResponse.next();
-    }

+    if (req.nextUrl.pathname.includes("/api/external/private")) {
+      const { success } = await rateLimit.limit(req.ip || "");
+
+      if (!success) {
        return new NextResponse("TOO MANY REQUESTS", {
          status: 429,
          statusText: "Too many requests!",
        });
+      }
+
+      const isValid = await validateRequest(req);
+
+      if (isValid) {
+        return NextResponse.next();
+      } else {
+        return new NextResponse("UNAUTHORIZED", {
+          status: 403,
+          statusText: "Unauthorized!",
+        });
+      }
+    }
+
+    if (!auth.userId && !auth.isPublicRoute) {
+      if (req.nextUrl.pathname.includes("/api")) {
+        return NextResponse.next();
+      }
+      // This is annoying...
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-explicit-any
+      return redirectToSignIn({ returnBackUrl: req.url });
+    }
  },
 });