wibu/hipmi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix middle 4

Browse Source
This commit is contained in:
Bagasbanuna02
2025-04-08 12:33:46 +08:00
parent 1034797a26
commit 0dcd30d1a8
2 changed files with 368 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

368
src/middleware.ts Normal file
View File

@@ -0,0 +1,368 @@
import { jwtVerify } from "jose";
import { NextRequest, NextResponse } from "next/server";
type MiddlewareConfig = {
apiPath: string;
loginPath: string;
userPath: string;
publicRoutes: string[];
encodedKey: string;
sessionKey: string;
validationApiRoute: string;
log: boolean;
};
const middlewareConfig: MiddlewareConfig = {
apiPath: "/api",
loginPath: "/login",
userPath: "/dev/home",
publicRoutes: [
// API
"/",
"/api/voting/*",
"/api/collaboration/*",
"/api/notifikasi/*",
"/api/logs/*",
"/api/auth/*",
// "/api/origin-url",
// "/api/job*",
// ADMIN API
// >> buat dibawah sini <<
"/api/admin/donasi/*",
"/api/admin/investasi/*",
"/api/admin/collaboration/*",
// Akses awal
"/api/get-cookie",
"/api/user/activation",
"/api/user-validate",
"/api/version",
// PAGE
"/login",
"/register",
"/validasi",
"/splash",
"/invalid-user",
"/job-vacancy",
"/preview-image",
"/auth/login",
"/auth/api/login",
"/waiting-room",
"/zCoba/*",
// ASSETS
"/aset/global/main_background.png",
"/aset/logo/logo-hipmi.png",
],
encodedKey: process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!,
sessionKey: process.env.NEXT_PUBLIC_BASE_SESSION_KEY!,
validationApiRoute: "/api/validation",
log: false,
};
export const middleware = async (req: NextRequest) => {
const {
apiPath,
encodedKey,
loginPath,
publicRoutes,
sessionKey,
validationApiRoute,
userPath,
} = middlewareConfig;
const { pathname } = req.nextUrl;
// Handle CORS
const corsResponse = handleCors(req);
if (corsResponse) {
return corsResponse;
}
// Check if route is public
const isPublicRoute = isRoutePublic(pathname, publicRoutes, loginPath);
if (isPublicRoute && pathname !== loginPath) {
return setCorsHeaders(NextResponse.next());
}
// Get token from cookies or Authorization header
const token = getToken(req, sessionKey);
const user = await verifyToken({ token, encodedKey });
const response = NextResponse.next();
// Handle login page access
if (pathname === loginPath) {
if (user) {
const response = NextResponse.redirect(new URL(userPath, req.url));
// Preserve token in cookie when redirecting
if (token) {
response.cookies.set(sessionKey, token, {
// httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
path: "/",
});
}
return setCorsHeaders(response);
}
return setCorsHeaders(NextResponse.next());
}
// Redirect to login if no user found
if (!user) {
const response = NextResponse.redirect(new URL(loginPath, req.url));
// Clear invalid token
response.cookies.delete(sessionKey);
return setCorsHeaders(response);
}
// // Handle API requests
// if (pathname.startsWith(apiPath)) {
// // const reqToken = req.headers.get("Authorization")?.split(" ")[1];
// if (!token) {
// return setCorsHeaders(unauthorizedResponseTokenAPI());
// }
// try {
// // const origin = new URL(req.url).origin;
// // console.log("origin", origin);
// const validationResponse = await fetch(
// `${new URL(req.url).origin}/api/validation`,
// {
// headers: {
// "Content-Type": "application/json",
// Authorization: `Bearer ${token}`,
// },
// }
// );
// if (!validationResponse.ok) {
// return setCorsHeaders(unauthorizedResponseAPI());
// }
// } catch (error) {
// console.error("Error validating API request:", error);
// return setCorsHeaders(unauthorizedResponseValidationAPIRequest());
// }
// }
// // Handle /dev routes that require active status
// if (pathname.startsWith("/dev")) {
// try {
// const userValidate = await fetch(
// new URL(req.url).origin + "/api/user-validate",
// {
// headers: {
// "Content-Type": "application/json",
// Authorization: `Bearer ${token}`,
// },
// }
// );
// if (!userValidate.ok) {
// throw new Error("Failed to validate user");
// }
// const userValidateJson = await userValidate.json();
// if (userValidateJson.success == true && !userValidateJson.data) {
// unauthorizedResponseDataUserNotFound(req);
// }
// if (!userValidateJson.data.active) {
// return setCorsHeaders(unauthorizedResponseUserNotActive(req));
// }
// } catch (error) {
// console.error("Error validating user:", error);
// if (!token) {
// console.error("Token is undefined");
// return setCorsHeaders(unauthorizedResponseTokenPAGE());
// }
// return setCorsHeaders(
// await unauthorizedResponseValidationUser({
// loginPath,
// sessionKey,
// token,
// req,
// })
// );
// }
// }
// // Ensure token is preserved in cookie
// if (token) {
// response.cookies.set(sessionKey, token, {
// // httpOnly: true,
// secure: process.env.NODE_ENV === "production",
// sameSite: "lax",
// path: "/",
// });
// }
return setCorsHeaders(response);
};
// ============================== RESPONSE HANDLERS ==============================//
function isRoutePublic(
pathname: string,
publicRoutes: string[],
loginPath: string
): boolean {
return [...publicRoutes, loginPath].some((route) => {
const pattern = route.replace(/\*/g, ".*");
return new RegExp(`^${pattern}$`).test(pathname);
});
}
function getToken(req: NextRequest, sessionKey: string): string | undefined {
return (
req.cookies.get(sessionKey)?.value ||
req.headers.get("Authorization")?.split(" ")[1]
);
}
function unauthorizedResponse() {
return new NextResponse(JSON.stringify({ error: "Unauthorized" }), {
status: 401,
headers: { "Content-Type": "application/json" },
});
}
function unauthorizedResponseTokenAPI() {
return new NextResponse(
JSON.stringify({ error: "Unauthorized token on API" }),
{
status: 401,
headers: { "Content-Type": "application/json" },
}
);
}
function unauthorizedResponseTokenPAGE() {
return new NextResponse(JSON.stringify({ error: "Unauthorized on page" }), {
status: 401,
headers: { "Content-Type": "application/json" },
});
}
function unauthorizedResponseAPI() {
return new NextResponse(
JSON.stringify({ error: "Unauthorized Response API" }),
{
status: 401,
headers: { "Content-Type": "application/json" },
}
);
}
function unauthorizedResponseValidationAPIRequest() {
return new NextResponse(
JSON.stringify({ error: "Unauthorized validation api request" }),
{
status: 401,
headers: { "Content-Type": "application/json" },
}
);
}
function unauthorizedResponseDataUserNotFound(req: NextRequest) {
return setCorsHeaders(
NextResponse.redirect(new URL("/invalid-user", req.url))
);
}
function unauthorizedResponseUserNotActive(req: NextRequest) {
return setCorsHeaders(
NextResponse.redirect(new URL("/waiting-room", req.url))
);
}
async function unauthorizedResponseValidationUser({
loginPath,
sessionKey,
token,
req,
}: {
loginPath: string;
sessionKey: string;
token: string;
req: NextRequest;
}) {
const userLogout = await fetch(new URL("/api/auth/logout", req.url), {
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
},
});
if (userLogout.ok) {
const response = NextResponse.redirect(new URL(loginPath, req.url));
// Clear invalid token
response.cookies.delete(sessionKey);
return setCorsHeaders(response);
}
console.error("Error logging out user:", await userLogout.json());
return setCorsHeaders(
NextResponse.redirect(new URL("/invalid-user", req.url))
);
// return setCorsHeaders(
// new NextResponse(JSON.stringify({ error: "Logout failed" }), {
// status: 500,
// headers: { "Content-Type": "application/json" },
// })
// );
}
function setCorsHeaders(res: NextResponse): NextResponse {
res.headers.set("Access-Control-Allow-Origin", "*");
res.headers.set(
"Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS"
);
res.headers.set(
"Access-Control-Allow-Headers",
"Content-Type, Authorization"
);
return res;
}
function handleCors(req: NextRequest): NextResponse | null {
if (req.method === "OPTIONS") {
return new NextResponse(null, {
status: 204,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization",
"Access-Control-Max-Age": "86400",
},
});
}
return null;
}
async function verifyToken({
token,
encodedKey,
}: {
token: string | undefined;
encodedKey: string;
}): Promise<Record<string, unknown> | null> {
if (!token) return null;
try {
const enc = new TextEncoder().encode(encodedKey);
const { payload } = await jwtVerify(token, enc, {
algorithms: ["HS256"],
});
return (payload.user as Record<string, any>) || null;
} catch (error) {
console.error("Token verification failed:", error);
return null;
}
}
export const config = {
matcher: ["/((?!_next|static|favicon.ico|manifest).*)"],
};

250
src/middleware.txt
View File

@@ -1,250 +0,0 @@
import { NextRequest, NextResponse } from "next/server";
import { jwtVerify } from "jose";
type MiddlewareConfig = {
apiPath: string;
loginPath: string;
userPath: string;
publicRoutes: string[];
encodedKey: string;
sessionKey: string;
validationApiRoute: string;
log: boolean;
};
const middlewareConfig: MiddlewareConfig = {
apiPath: "/api",
loginPath: "/login",
userPath: "/dev/home",
publicRoutes: [
"/",
"/api/voting/*",
"/api/collaboration/*",
"/api/notifikasi/*",
"/api/logs/*",
"/api/job/*",
"/api/auth/*",
"/api/origin-url",
"/api/event/*",
"/api/get-cookie",
"/api/user/activation",
"/api/user-validate",
"/login",
"/register",
"/validasi",
"/splash",
"/job-vacancy",
"/preview-image",
"/auth/login",
"/auth/api/login",
"/waiting-room",
"/zCoba/*",
"/aset/global/main_background.png",
"/aset/logo/logo-hipmi.png",
],
encodedKey: process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!,
sessionKey: process.env.NEXT_PUBLIC_BASE_SESSION_KEY!,
validationApiRoute: "/api/validation",
log: false,
};
export const middleware = async (req: NextRequest) => {
const {
apiPath,
encodedKey,
loginPath,
publicRoutes,
sessionKey,
validationApiRoute,
userPath,
} = middlewareConfig;
const { pathname } = req.nextUrl;
// Handle CORS
const corsResponse = handleCors(req);
if (corsResponse) {
return corsResponse;
}
// Check if route is public
const isPublicRoute = isRoutePublic(pathname, publicRoutes, loginPath);
if (isPublicRoute && pathname !== loginPath) {
return setCorsHeaders(NextResponse.next());
}
// Get token from cookies or Authorization header
const token = getToken(req, sessionKey);
// Verify token and get user data
const user = await verifyToken({ token, encodedKey });
// Handle login page access
if (pathname === loginPath) {
if (user) {
const response = NextResponse.redirect(new URL(userPath, req.url));
// Preserve token in cookie when redirecting
if (token) {
response.cookies.set(sessionKey, token, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
path: "/",
});
}
return setCorsHeaders(response);
}
return setCorsHeaders(NextResponse.next());
}
// Redirect to login if no user found
if (!user) {
const response = NextResponse.redirect(new URL(loginPath, req.url));
// Clear invalid token
response.cookies.delete(sessionKey);
return setCorsHeaders(response);
}
// Handle /dev routes that require active status
if (pathname.startsWith("/dev")) {
try {
const userValidate = await fetch(new URL("/api/user-validate", req.url), {
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
},
});
if (!userValidate.ok) {
throw new Error("Failed to validate user");
}
const userValidateJson = await userValidate.json();
if (!userValidateJson.data.active) {
return setCorsHeaders(
NextResponse.redirect(new URL("/waiting-room", req.url))
);
}
} catch (error) {
console.error("Error validating user:", error);
return setCorsHeaders(unauthorizedResponse());
}
}
// Handle API requests
if (pathname.startsWith(apiPath)) {
if (!token) {
return setCorsHeaders(unauthorizedResponse());
}
try {
const validationResponse = await fetch(
new URL(validationApiRoute, req.url),
{
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
},
}
);
if (!validationResponse.ok) {
throw new Error("Failed to validate API request");
}
} catch (error) {
console.error("Error validating API request:", error);
return setCorsHeaders(unauthorizedResponse());
}
}
const response = NextResponse.next();
// Ensure token is preserved in cookie
if (token) {
response.cookies.set(sessionKey, token, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
path: "/",
});
}
return setCorsHeaders(response);
};
function isRoutePublic(
pathname: string,
publicRoutes: string[],
loginPath: string
): boolean {
return [...publicRoutes, loginPath].some((route) => {
const pattern = route.replace(/\*/g, ".*");
return new RegExp(`^${pattern}$`).test(pathname);
});
}
function getToken(req: NextRequest, sessionKey: string): string | undefined {
return (
req.cookies.get(sessionKey)?.value ||
req.headers.get("Authorization")?.split(" ")[1]
);
}
function unauthorizedResponse(): NextResponse {
return new NextResponse(JSON.stringify({ error: "Unauthorized" }), {
status: 401,
headers: { "Content-Type": "application/json" },
});
}
function setCorsHeaders(res: NextResponse): NextResponse {
res.headers.set("Access-Control-Allow-Origin", "*");
res.headers.set(
"Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS"
);
res.headers.set(
"Access-Control-Allow-Headers",
"Content-Type, Authorization"
);
return res;
}
function handleCors(req: NextRequest): NextResponse | null {
if (req.method === "OPTIONS") {
return new NextResponse(null, {
status: 204,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization",
"Access-Control-Max-Age": "86400",
},
});
}
return null;
}
async function verifyToken({
token,
encodedKey,
}: {
token: string | undefined;
encodedKey: string;
}): Promise<Record<string, unknown> | null> {
if (!token) return null;
try {
const enc = new TextEncoder().encode(encodedKey);
const { payload } = await jwtVerify(token, enc, {
algorithms: ["HS256"],
});
return (payload.user as Record<string, any>) || null;
} catch (error) {
console.error("Token verification failed:", error);
return null;
}
}
export const config = {
matcher: ["/((?!_next|static|favicon.ico|manifest).*)"],
};