import { getToken } from "next-auth/jwt";
import { withAuth } from "next-auth/middleware";
import { NextResponse } from "next/server";
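/**
 * Route-protection middleware, wrapped by next-auth's `withAuth`.
 *
 * Decides, per request, whether to let the request continue or to redirect:
 *  - verification routes: already-verified users go to "/profile"; everyone else continues;
 *  - "/login" and "/register": signed-in users go to "/"; everyone else continues;
 *  - "/checkout", admin routes and sensitive routes: anonymous requests go to "/login";
 *  - admin routes: signed-in users whose role is "customer" go to "/".
 *
 * All route groups are matched by prefix (`startsWith`), so "/orders/42" counts as "/orders".
 *
 * NOTE(review): these are navigation redirects only. The pages and API handlers behind
 * these routes should still check the session and role themselves on the server.
 *
 * @param {import("next/server").NextRequest} req - incoming request; `withAuth` attaches
 *   the decoded token as `req.nextauth.token`.
 * @returns {Promise<NextResponse>} a redirect or `NextResponse.next()`.
 */
export default withAuth(
  async function middleware(req) {
    const { pathname } = req.nextUrl;

    // Route groups, matched by prefix below.
    const adminRoutes = ["/admin"];
    const sensitiveRoutes = ["/profile", "/orders", "/addresses"];
    const verificationRoutes = [
      "/profile/email-verification",
      "/api/email-verification",
    ];

    // Decoded session JWT, or null when the request carries no valid session.
    const isAuth = await getToken({ req });

    const matchesAny = (routes) =>
      routes.some((route) => pathname.startsWith(route));

    const isLoginPage = pathname.startsWith("/login");
    const isRegisterPage = pathname.startsWith("/register");
    const isCheckoutPage = pathname.startsWith("/checkout");
    const isVerificationRoute = matchesAny(verificationRoutes);
    const isAccessingAdminRoutes = matchesAny(adminRoutes);
    const isAccessingSensitiveRoute = matchesAny(sensitiveRoutes);

    // Verification routes are handled first because "/profile/email-verification"
    // would otherwise be caught by the "/profile" sensitive-route prefix.
    // NOTE(review): anonymous requests pass through here, so the verification
    // page and API handler must validate the request on their own.
    if (isVerificationRoute) {
      if (isAuth?.isVerified) {
        return NextResponse.redirect(new URL("/profile", req.url));
      }
      return NextResponse.next();
    }

    // Signed-in users have no use for the login or register pages.
    // The register check must run before any branch that returns for every
    // signed-in user; placed after such a branch it can never redirect.
    if (isLoginPage || isRegisterPage) {
      if (isAuth) {
        return NextResponse.redirect(new URL("/", req.url));
      }
      return NextResponse.next();
    }

    if (isCheckoutPage) {
      if (!isAuth) {
        return NextResponse.redirect(new URL("/login", req.url));
      }
      return NextResponse.next();
    }

    if (isAccessingAdminRoutes) {
      // Anonymous requests must not reach admin routes: `authorized` below always
      // returns true, so this function is the only gate in this file.
      if (!isAuth) {
        return NextResponse.redirect(new URL("/login", req.url));
      }
      // NOTE(review): this is a deny-list. Any role other than "customer",
      // including a token with no role at all, is let through. Prefer an
      // allow-list of the roles permitted to use admin routes (the role names
      // are not visible in this file).
      if (req.nextauth.token?.role == "customer") {
        return NextResponse.redirect(new URL("/", req.url));
      }
      return NextResponse.next();
    }

    // Sensitive routes require a session; everything else is public.
    if (!isAuth && isAccessingSensitiveRoute) {
      return NextResponse.redirect(new URL("/login", req.url));
    }
    return NextResponse.next();
  },
  {
    callbacks: {
      // Always returning true switches off withAuth's default gate (which requires
      // a token), so every access decision is made in the middleware function above.
      async authorized() {
        return true;
      },
    },
  }
);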
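/**
 * Next.js middleware configuration: the `matcher` list names the paths the
 * middleware runs on.
 *
 * The key must be spelled `matcher`. Next.js ignores an unrecognised key, in which
 * case the middleware runs on every request instead of on this list.
 *
 * Routes that the middleware checks by prefix (`startsWith`) carry `/:path*` so that
 * nested paths such as "/orders/<id>" stay covered; `:path*` also matches the bare
 * route. "/api/email-verification" is listed because the middleware has a branch for it.
 */
export const config = {
  matcher: [
    "/",
    "/orders/:path*",
    // NOTE(review): possibly a misspelled route name; confirm against the app's pages.
    "/wislist",
    "/addresses/:path*",
    "/checkout/:path*",
    "/register",
    "/login",
    "/profile/:path*",
    "/admin/:path*",
    "/api/email-verification/:path*",
  ],
};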