From 01b6a9a442ae5a01a9f98ff39c3d9c994f3f108a Mon Sep 17 00:00:00 2001
From: Atridad Lahiji
Date: Mon, 16 Oct 2023 20:18:53 -0300
Subject: [PATCH 1/2] Middleware fixes

---
 middleware.ts | 87 ++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 66 insertions(+), 21 deletions(-)

diff --git a/middleware.ts b/middleware.ts
index cc76c8a..a7349c9 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -1,6 +1,6 @@
-import { authMiddleware } from "@clerk/nextjs";
+import { authMiddleware, redirectToSignIn } from "@clerk/nextjs";
 import { validateRequest } from "./app/_lib/unkey";
-import { NextRequest, NextResponse } from "next/server";
+import { NextResponse } from "next/server";
 import { Ratelimit } from "@upstash/ratelimit";
 import { Redis } from "@upstash/redis";
 import { env } from "./env.mjs";
@@ -16,28 +16,73 @@ const rateLimit = new Ratelimit({
 export default authMiddleware({
 ignoredRoutes: ["/"],
- publicRoutes: ["/api/external/(.*)", "/api/webhooks/(.*)"],
- apiRoutes: ["/api/internal/(.*)"],
- beforeAuth: async (req: NextRequest) => {
- const { success } = await rateLimit.limit(req.ip || "");
- if (success) {
- if (req.nextUrl.pathname.includes("/api/external/private")) {
- const isValid = await validateRequest(req);
-
- if (!isValid) {
- return new NextResponse("UNAUTHORIZED", {
- status: 403,
- statusText: "Unauthorized!",
- });
- }
+ publicRoutes: [
+ "/api/external/public/(.*)",
+ "/api/webhooks",
+ "/api/webhooks/(.*)",
+ ],
+ afterAuth: async (auth, req) => {
+ if (!auth.userId && auth.isPublicRoute) {
+ const { success } = await rateLimit.limit(req.ip || "");
+ if (success) {
+ return NextResponse.next();
 }
- return NextResponse.next();
+ return new NextResponse("TOO MANY REQUESTS", {
+ status: 429,
+ statusText: "Too many requests!",
+ });
 }
- return new NextResponse("TOO MANY REQUESTS", {
- status: 429,
- statusText: "Too many requests!",
- });
+ if (req.nextUrl.pathname.includes("/api/internal")) {
+ const { success } = await rateLimit.limit(req.ip || "");
+
+ if (!success) {
+ return new NextResponse("TOO MANY REQUESTS", {
+ status: 429,
+ statusText: "Too many requests!",
+ });
+ }
+
+ if (auth.userId) {
+ return NextResponse.next();
+ } else {
+ return new NextResponse("UNAUTHORIZED", {
+ status: 403,
+ statusText: "Unauthorized!",
+ });
+ }
+ }
+
+ if (req.nextUrl.pathname.includes("/api/external/private")) {
+ const { success } = await rateLimit.limit(req.ip || "");
+
+ if (!success) {
+ return new NextResponse("TOO MANY REQUESTS", {
+ status: 429,
+ statusText: "Too many requests!",
+ });
+ }
+
+ const isValid = await validateRequest(req);
+
+ if (isValid) {
+ return NextResponse.next();
+ } else {
+ return new NextResponse("UNAUTHORIZED", {
+ status: 403,
+ statusText: "Unauthorized!",
+ });
+ }
+ }
+
+ if (!auth.userId && 
!auth.isPublicRoute) {
+ if (req.nextUrl.pathname.includes("/api")) {
+ return NextResponse.next();
+ }
+ // This is annoying...
+ // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-explicit-any
+ return redirectToSignIn({ returnBackUrl: req.url });
+ }
 },
 });

From 9e52d69191d986e4cb24b2828ad529374364d711 Mon Sep 17 00:00:00 2001
From: Atridad Lahiji
Date: Mon, 16 Oct 2023 20:31:56 -0300
Subject: [PATCH 2/2] 3.1.6

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index c4901b9..2fa2580 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "sprintpadawan",
- "version": "3.1.5",
+ "version": "3.1.6",
 "description": "Plan. Sprint. Repeat.",
 "private": true,
 "scripts": {
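Review bot: The final `if (!auth.userId && !auth.isPublicRoute)` block in the new afterAuth fails open: any non-public path containing "/api" that was not caught by the `/api/internal` or `/api/external/private` branches above is passed through with `NextResponse.next()` without a user session or key check, so a new route added under `/api/` would ship unauthenticated by default. Failing closed is the safer default here: replace the `return NextResponse.next();` inside the `includes("/api")` branch with `return new NextResponse("UNAUTHORIZED", { status: 403, statusText: "Unauthorized!" });`, matching the other branches, and rely on `publicRoutes` to open anything that must be reachable anonymously. The three route checks use `pathname.includes(...)`, which is a substring match rather than a prefix match; `req.nextUrl.pathname.startsWith("/api/internal")` (and likewise for `/api/external/private`) expresses the intended test precisely. Every `rateLimit.limit(req.ip || "")` call keys requests with no resolvable `req.ip` into a single bucket under the empty string, so clients behind a proxy that does not populate it share one limit and can exhaust it for each other; keying on a client identifier the deployment actually provides, or rejecting when none is available, avoids that collective throttling.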