fix user validation

2025-04-08 10:33:03 +08:00
parent 6749ff636d
commit 12f12a82b5
2 changed files with 40 additions and 12 deletions


@@ -1,12 +1,25 @@
import { decrypt } from "@/app/(auth)/_lib/decrypt"; import { decrypt } from "@/app/(auth)/_lib/decrypt";
import { prisma } from "@/lib"; import { prisma } from "@/lib";
import { NextRequest, NextResponse } from "next/server"; import { cookies } from "next/headers";
import { NextResponse } from "next/server";
export const dynamic = "force-dynamic"; export const dynamic = "force-dynamic";
export async function GET(req: NextRequest) { export async function GET(req: Request) {
try { try {
const token = req.headers.get("Authorization")?.split(" ")[1]; const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
// const token = req.headers.get("Authorization")?.split(" ")[1]
const token =
cookies().get(SESSIONKEY)?.value ||
req.headers.get("Authorization")?.split(" ")[1];
if (!token) {
return NextResponse.json(
{
success: false,
message: "Unauthorized token not found",
},
{ status: 401 }
);
}
const decripted = await decrypt({ const decripted = await decrypt({
token: token!, token: token!,
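Review bot: The new lookup `cookies().get(SESSIONKEY)?.value || req.headers.get("Authorization")?.split(" ")[1]` takes whatever follows the first space of the Authorization header without checking the scheme, and any non-empty cookie, even a stale one, shadows a valid header. Parsing the header explicitly would tighten this, e.g. `const [scheme, bearer] = req.headers.get("Authorization")?.split(" ") ?? [];`, using `bearer` only when `scheme` is the one clients are expected to send (presumably `Bearer`). `SESSIONKEY` is read with a non-null assertion, so an unset `NEXT_PUBLIC_BASE_SESSION_KEY` silently disables the cookie path instead of failing visibly. After the new 401 guard the `token!` assertion in the `decrypt` call is redundant, and the commented-out old lookup can be removed. The body of `GET` continues past the end of this hunk.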


@@ -41,6 +41,7 @@ const middlewareConfig: MiddlewareConfig = {
"/api/get-cookie", "/api/get-cookie",
"/api/user/activation", "/api/user/activation",
"/api/user-validate", "/api/user-validate",
"/api/version",
// PAGE // PAGE
"/login", "/login",
@@ -176,7 +177,14 @@ export const middleware = async (req: NextRequest) => {
console.error("Token is undefined"); console.error("Token is undefined");
return setCorsHeaders(unauthorizedResponseToken()); return setCorsHeaders(unauthorizedResponseToken());
} }
return setCorsHeaders(await unauthorizedResponseValidationUser(token, req)); return setCorsHeaders(
await unauthorizedResponseValidationUser({
loginPath,
sessionKey,
token,
req,
})
);
} }
} }
@@ -257,11 +265,17 @@ function unauthorizedResponseUserNotActive(req: NextRequest) {
); );
} }
async function unauthorizedResponseValidationUser( async function unauthorizedResponseValidationUser({
token: string, loginPath,
req: NextRequest sessionKey,
) { token,
console.log("Token:", token); req,
}: {
loginPath: string;
sessionKey: string;
token: string;
req: NextRequest;
}) {
const userLogout = await fetch(new URL("/api/auth/logout", req.url), { const userLogout = await fetch(new URL("/api/auth/logout", req.url), {
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
@@ -270,8 +284,9 @@ async function unauthorizedResponseValidationUser(
}); });
if (userLogout.ok) { if (userLogout.ok) {
const response = NextResponse.redirect(new URL("/login", req.url)); const response = NextResponse.redirect(new URL(loginPath, req.url));
response.cookies.delete(middlewareConfig.sessionKey); // Clear invalid token
response.cookies.delete(sessionKey);
return setCorsHeaders(response); return setCorsHeaders(response);
} }
console.error("Error logging out user:", await userLogout.json()); console.error("Error logging out user:", await userLogout.json());
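Review bot: In `unauthorizedResponseValidationUser` the session cookie is deleted only inside `if (userLogout.ok)`, so when the logout call fails the client keeps the token that just failed validation. The code after the `console.error` is outside this hunk, but whatever response that path returns should also call `response.cookies.delete(sessionKey)`. The error log awaits `userLogout.json()`, which throws if the logout endpoint answers with a non-JSON body; `await userLogout.json().catch(() => null)` keeps the failure path from raising inside the middleware. Separately, the second hunk adds `/api/version` to what looks like the unauthenticated route list, so confirm the endpoint returns nothing beyond what is meant to be public.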