fix middleware and login logout
@@ -138,7 +138,7 @@ export function Admin_V3_ComponentButtonUserCircle({
|
||||
|
||||
if (response && response.success) {
|
||||
ComponentGlobal_NotifikasiBerhasil(response.message);
|
||||
router.replace("/", { scroll: false });
|
||||
router.replace("/login", { scroll: false });
|
||||
}
|
||||
} catch (error) {
|
||||
console.error(error);
|
||||
|
||||
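Review bot: A logout that does not succeed is silent here: when `response.success` is falsy nothing runs, and the `catch` only calls `console.error`, so the user stays on the page with no sign that the session is still live. Adding `} else { /* show response.message as an error notification */ }` after the success branch, and a user-visible message in the `catch`, would make the failure visible. The same pattern appears in the `Component_ButtonLogout` hunk. The enclosing handler starts and ends outside the hunk, so a `finally` or later fallback may exist that is not visible here.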
@@ -20,7 +20,7 @@ export default function InvalidUser() {
|
||||
await fetch("/api/auth/logout", {
|
||||
method: "GET",
|
||||
});
|
||||
router.push("/", { scroll: false });
|
||||
router.replace("/login", { scroll: false });
|
||||
setIsLoading(false);
|
||||
} catch (error) {
|
||||
setIsLoading(false);
|
||||
|
||||
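Review bot: The redirect to `/login` runs whether or not the logout call worked, because `fetch` only rejects on network failure and the response is never inspected. A 4xx/5xx from `/api/auth/logout` may therefore leave the session cookie in place while the UI behaves as logged out. Capture and check the response, e.g. `const res = await fetch("/api/auth/logout", { method: "GET" });` followed by `if (!res.ok) throw new Error("Logout failed");`, so the existing `catch` handles it. Separately, logout is a state-changing call made with GET, which link prefetchers and cross-site requests can trigger; POST would be safer if the route can accept it. The enclosing function starts and ends outside the hunk.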
@@ -22,7 +22,7 @@ export default function Component_ButtonLogout({ userId }: { userId: string }) {
|
||||
|
||||
if (response && response.success) {
|
||||
ComponentGlobal_NotifikasiBerhasil(response.message);
|
||||
router.replace("/", { scroll: false });
|
||||
router.replace("/login", { scroll: false });
|
||||
}
|
||||
} catch (error) {
|
||||
console.error(error);
|
||||
|
||||
@@ -71,6 +71,7 @@ export const middleware = async (req: NextRequest) => {
|
||||
// Get token from cookie or Authorization header
|
||||
const token = getToken(req, sessionKey);
|
||||
const user = await verifyToken({ token, encodedKey });
|
||||
// console.log("user >>", user);
|
||||
|
||||
// Handle login page access
|
||||
if (pathname === loginPath) {
|
||||
@@ -164,6 +165,56 @@ export const middleware = async (req: NextRequest) => {
|
||||
}
|
||||
}
|
||||
|
||||
if (pathname.startsWith("/dev/admin")) {
|
||||
try {
|
||||
const apiBaseUrl =
|
||||
process.env.NEXT_PUBLIC_API_URL || new URL(req.url).origin;
|
||||
const userValidateResponse = await fetch(
|
||||
`${apiBaseUrl}/api/user-validate`,
|
||||
{
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
Authorization: `Bearer ${token}`,
|
||||
},
|
||||
}
|
||||
);
|
||||
|
||||
if (!userValidateResponse.ok) {
|
||||
console.error(
|
||||
"User validation failed:",
|
||||
userValidateResponse.statusText
|
||||
);
|
||||
return setCorsHeaders(unauthorizedResponseAPIUserValidate(req));
|
||||
}
|
||||
|
||||
const userValidateJson = await userValidateResponse.json();
|
||||
// console.log("data json >>", userValidateJson.data);
|
||||
|
||||
if (userValidateJson.success === true && !userValidateJson.data) {
|
||||
return setCorsHeaders(unauthorizedResponseDataUserNotFound(req));
|
||||
}
|
||||
|
||||
if (userValidateJson.data.masterUserRoleId === "1") {
|
||||
return setCorsHeaders(unauthorizedResponseUserNotAdmin(req));
|
||||
}
|
||||
|
||||
if (!userValidateJson.data.active) {
|
||||
return setCorsHeaders(unauthorizedResponseUserNotActive(req));
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("Error during user validation API:", error);
|
||||
if (!token) return setCorsHeaders(unauthorizedResponseTokenPAGE());
|
||||
return setCorsHeaders(
|
||||
await unauthorizedResponseValidationUser({
|
||||
loginPath,
|
||||
sessionKey,
|
||||
token,
|
||||
req,
|
||||
})
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Default: proceed with request and add CORS headers
|
||||
const response = NextResponse.next();
|
||||
return setCorsHeaders(response);
|
||||
@@ -193,7 +244,6 @@ function getToken(req: NextRequest, sessionKey: string): string | undefined {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
|
||||
function cookieOptions() {
|
||||
return {
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
@@ -331,6 +381,10 @@ function unauthorizedResponseUserNotActive(req: NextRequest) {
|
||||
);
|
||||
}
|
||||
|
||||
function unauthorizedResponseUserNotAdmin(req: NextRequest) {
|
||||
return setCorsHeaders(NextResponse.redirect(new URL("/dev/home", req.url)));
|
||||
}
|
||||
|
||||
async function unauthorizedResponseValidationUser({
|
||||
loginPath,
|
||||
sessionKey,
|
||||
|
||||
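Review bot: In the `/dev/admin` branch added to `middleware`, the role check is a deny-list: only `masterUserRoleId === "1"` is turned away, so a missing field, a numeric `1`, or any role id added later falls through to `NextResponse.next()` as long as `active` is truthy. An allow-list fails closed instead, e.g. `if (!ADMIN_ROLE_IDS.has(String(userValidateJson.data.masterUserRoleId)))`, where `ADMIN_ROLE_IDS` is a placeholder for the project's real admin role ids. The guard before it only fires when `success === true`; `if (!userValidateJson.success || !userValidateJson.data)` would reject an unsuccessful reply explicitly rather than relying on a `TypeError` landing in the `catch`. The bearer token is also sent to `NEXT_PUBLIC_API_URL` or the request's own origin, so it is worth confirming that neither can be steered by a client-supplied Host header; a server-only setting would be tighter. The body of `middleware` starts and ends outside these hunks.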