import { createRateLimiter, defaultRateLimiter } from './lib/ratelimiter'
import { getAuthTokenOrNull } from '@/helpers/oauth/helpers'
import { type NextRequest, NextResponse } from 'next/server'
import ALLOWED_ADMIN_IDS from './data/reviewers.json'
import { ipAddress } from '@vercel/functions'
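/** Body shape shared by every JSON error this middleware returns. */
interface ErrorBody {
  success: false
  error: string
}

/** Builds a JSON error response with the given HTTP status. */
function errorResponse(status: number, error: string) {
  const body: ErrorBody = { success: false, error }
  return NextResponse.json(body, { status })
}

const unauthorized = () => errorResponse(401, 'Unauthorized')
const forbidden = () => errorResponse(403, 'Forbidden - Admin access required')
const rateLimited = () =>
  errorResponse(429, 'Rate limit exceeded, please wait a bit before trying again!')

/**
 * Serves the login page in place of a protected page. This is a rewrite, not a
 * redirect, so the browser keeps the original URL.
 */
function rewriteToLogin(request: NextRequest) {
  const url = request.nextUrl.clone()
  url.pathname = '/login'
  return NextResponse.rewrite(url)
}

/** True when `id` is listed in data/reviewers.json. */
function isAdmin(id: (typeof ALLOWED_ADMIN_IDS)[number]): boolean {
  return ALLOWED_ADMIN_IDS.includes(id)
}

/**
 * True for the review API and everything below it. The matcher registers
 * `/api/packs/review/:path*`, so sub-paths reach this middleware too and must
 * get the same reviewer gate as the exact path.
 */
function isReviewApiPath(pathname: string): boolean {
  return pathname === '/api/packs/review' || pathname.startsWith('/api/packs/review/')
}

/**
 * Charges the pack-creation rate limit for both the account and the IP.
 * Both buckets are always charged (as before); the request is allowed only
 * when both still have budget.
 */
async function withinCreateLimit(
  accountId: (typeof ALLOWED_ADMIN_IDS)[number],
  ip: string
): Promise<boolean> {
  const rateLimiter = await createRateLimiter()
  const [byId, byIp] = await Promise.all([
    rateLimiter.limit(accountId),
    rateLimiter.limit(ip)
  ])
  return byId.success && byIp.success
}

/**
 * Edge middleware gating the pack pages and API.
 *
 * - `/packs/create`: any signed-in user; otherwise the login page is served.
 * - `/packs/review`: signed-in reviewer (data/reviewers.json); otherwise login page or 403.
 * - `/api/packs/create`: signed-in user; POST is additionally rate-limited per account and per IP.
 * - `/api/packs/review` and everything below it: signed-in reviewer, else 401 / 403.
 * - any other `/api/packs*` route: GET is rate-limited per IP, other methods need a signed-in user.
 *
 * @param request incoming request; only `Authorization`, `cf-connecting-ip`, method and path are read
 * @returns `NextResponse.next()` to continue, a login rewrite, or a JSON error (401/403/429)
 */
export async function middleware(request: NextRequest): Promise<NextResponse> {
  const { pathname } = request.nextUrl
  const method = request.method
  // Cloudflare's client-IP header. It is only authoritative when every request
  // is proxied through Cloudflare; without the proxy the header is client-supplied,
  // and every request lacking it shares the single '127.0.0.1' rate-limit bucket.
  // NOTE(review): the unused `ipAddress` import from '@vercel/functions' looks like
  // the intended fallback — confirm against the deployment before relying on this.
  const ip = request.headers.get('cf-connecting-ip') ?? '127.0.0.1'
  const authToken = await getAuthTokenOrNull(
    request.headers.get('Authorization') ?? undefined
  )

  switch (pathname) {
    case '/packs/create':
      return authToken ? NextResponse.next() : rewriteToLogin(request)

    case '/packs/review':
      if (!authToken) return rewriteToLogin(request)
      return isAdmin(authToken.payload.id) ? NextResponse.next() : forbidden()

    case '/api/packs/create':
      if (!authToken) return unauthorized()
      // Only creation (POST) is rate-limited; other methods just need a token.
      if (method === 'POST' && !(await withinCreateLimit(authToken.payload.id, ip))) {
        return rateLimited()
      }
      return NextResponse.next()
  }

  if (isReviewApiPath(pathname)) {
    if (!authToken) return unauthorized()
    return isAdmin(authToken.payload.id) ? NextResponse.next() : forbidden()
  }

  // Remaining /api/packs routes: public reads are throttled per IP, writes need a token.
  if (pathname.startsWith('/api/packs')) {
    if (method === 'GET') {
      const rateLimiter = await defaultRateLimiter()
      const { success } = await rateLimiter.limit(ip)
      if (!success) return rateLimited()
    } else if (!authToken) {
      return unauthorized()
    }
  }
  return NextResponse.next()
}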
/**
 * Routes the middleware runs on. Next.js reads `matcher` from this export; a
 * request matching any of these patterns is passed through `middleware`.
 */
export const config = {
  matcher: [
    // pages
    '/packs/create',
    '/packs/review',
    // API
    '/api/packs',
    '/api/packs/:path*',
    '/api/packs/review',
    '/api/packs/review/:path*'
  ]
}