Update Versi 1.5.27 #32
@@ -5,16 +5,9 @@ import { NextResponse } from "next/server";
|
||||
export async function GET(req: Request) {
|
||||
// const token = req.headers.get("Authorizationx")?.split(" ")[1];
|
||||
const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
|
||||
console.log(
|
||||
"Token received in API Middleware:",
|
||||
SESSIONKEY,
|
||||
`<<<<<<<<<<<<<<<`
|
||||
);
|
||||
const tokenCookies = cookies().get(SESSIONKEY)?.value;
|
||||
console.log("Token received in Cookies:", tokenCookies);
|
||||
|
||||
const tokenHeader = req.headers.get("Authorization")?.split(" ")[1];
|
||||
console.log("Token received in Header:", tokenHeader);
|
||||
|
||||
if (!tokenCookies) return NextResponse.json({ success: false });
|
||||
return NextResponse.json({ success: true });
|
||||
|
||||
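Review bot: The GET handler answers `{ success: true }` as soon as a cookie named by `SESSIONKEY` is present (`if (!tokenCookies) return NextResponse.json({ success: false });`); nothing visible in the hunk verifies the token's signature or expiry, so any non-empty cookie value passes. If this endpoint feeds an access decision, verify the token before reporting success, and make the failure explicit with `return NextResponse.json({ success: false }, { status: 401 });`. The `+`/`-` markers are lost on this page, so it is not clear which `console.log` calls survive; any that remain and print `tokenCookies` or `tokenHeader` write bearer tokens to the server log and should be dropped. The function body continues outside the hunk.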
@@ -76,19 +76,8 @@ export const middleware = async (req: NextRequest) => {
|
||||
} = middlewareConfig;
|
||||
|
||||
const { pathname } = req.nextUrl;
|
||||
// console.warn(cookies().get("hipmi-key")?.value);
|
||||
// const f = await fetch("https://localhost:3000/api/middleware", {
|
||||
// method: "GET",
|
||||
// headers: {
|
||||
// "Content-Type": "application/json",
|
||||
// },
|
||||
// });
|
||||
|
||||
// console.warn(await f.text())
|
||||
// console.log("Cookies >>", req.cookies.get("hipmi-key")?.value);
|
||||
|
||||
// Handle CORS
|
||||
const corsResponse = handleCors(req);
|
||||
|
||||
if (corsResponse) {
|
||||
return corsResponse;
|
||||
}
|
||||
@@ -105,29 +94,6 @@ export const middleware = async (req: NextRequest) => {
|
||||
|
||||
console.log("Request URL v2 >>", req.url);
|
||||
|
||||
// const fetchValidation = async (url: string) => {
|
||||
// try {
|
||||
// const origin = new URL(req.url).origin;
|
||||
// console.log("Origin URL:", origin + url);
|
||||
// console.log("URL:", url);
|
||||
// const response = await fetch(origin + url, {
|
||||
// headers: {
|
||||
// "Content-Type": "application/json",
|
||||
// Authorization: `Bearer ${token}`,
|
||||
// },
|
||||
// });
|
||||
// if (!response.ok) {
|
||||
// console.error("Validation failed:", response.statusText);
|
||||
// return null;
|
||||
// }
|
||||
// const data = await response.json();
|
||||
// return data;
|
||||
// } catch (error) {
|
||||
// console.error("Error fetching validation:", error);
|
||||
// return null;
|
||||
// }
|
||||
// };
|
||||
|
||||
// Handle login page access
|
||||
if (pathname === loginPath) {
|
||||
if (user) {
|
||||
@@ -165,7 +131,8 @@ export const middleware = async (req: NextRequest) => {
|
||||
const originURL = process.env.NEXT_PUBLIC_API_URL;
|
||||
console.log("Origin URL >> ", originURL);
|
||||
|
||||
const apiBaseUrl = process.env.NEXT_PUBLIC_API_URL || new URL(req.url).origin;
|
||||
const apiBaseUrl =
|
||||
process.env.NEXT_PUBLIC_API_URL || new URL(req.url).origin;
|
||||
const validationResponse = await fetch(`${apiBaseUrl}/api/validation`, {
|
||||
headers: {
|
||||
Authorization: `Bearer ${token}`,
|
||||
@@ -191,48 +158,49 @@ export const middleware = async (req: NextRequest) => {
|
||||
}
|
||||
}
|
||||
|
||||
// // Handle /dev routes that require active status
|
||||
// if (pathname.startsWith("/dev")) {
|
||||
// try {
|
||||
// const userValidate = await fetch(
|
||||
// new URL(req.url).origin + "/api/user-validate",
|
||||
// {
|
||||
// headers: {
|
||||
// "Content-Type": "application/json",
|
||||
// Authorization: `Bearer ${token}`,
|
||||
// },
|
||||
// }
|
||||
// );
|
||||
// Handle /dev routes that require active status
|
||||
if (pathname.startsWith("/dev")) {
|
||||
try {
|
||||
const apiBaseUrl =
|
||||
process.env.NEXT_PUBLIC_API_URL || new URL(req.url).origin;
|
||||
|
||||
// if (!userValidate.ok) {
|
||||
// throw new Error("Failed to validate user");
|
||||
// }
|
||||
const userValidate = await fetch(`${apiBaseUrl}/api/user-validate`, {
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
Authorization: `Bearer ${token}`,
|
||||
},
|
||||
});
|
||||
|
||||
// const userValidateJson = await userValidate.json();
|
||||
if (!userValidate.ok) {
|
||||
console.error("Validation failed:", userValidate.statusText);
|
||||
return setCorsHeaders(unauthorizedResponseAPIUserValidate());
|
||||
}
|
||||
|
||||
// if (userValidateJson.success == true && !userValidateJson.data) {
|
||||
// unauthorizedResponseDataUserNotFound(req);
|
||||
// }
|
||||
const userValidateJson = await userValidate.json();
|
||||
|
||||
// if (!userValidateJson.data.active) {
|
||||
// return setCorsHeaders(unauthorizedResponseUserNotActive(req));
|
||||
// }
|
||||
// } catch (error) {
|
||||
// console.error("Error validating user:", error);
|
||||
// if (!token) {
|
||||
// console.error("Token is undefined");
|
||||
// return setCorsHeaders(unauthorizedResponseTokenPAGE());
|
||||
// }
|
||||
// return setCorsHeaders(
|
||||
// await unauthorizedResponseValidationUser({
|
||||
// loginPath,
|
||||
// sessionKey,
|
||||
// token,
|
||||
// req,
|
||||
// })
|
||||
// );
|
||||
// }
|
||||
// }
|
||||
if (userValidateJson.success == true && !userValidateJson.data) {
|
||||
unauthorizedResponseDataUserNotFound(req);
|
||||
}
|
||||
|
||||
if (!userValidateJson.data.active) {
|
||||
return setCorsHeaders(unauthorizedResponseUserNotActive(req));
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("Error api user validate:", error);
|
||||
if (!token) {
|
||||
console.error("Token is undefined");
|
||||
return setCorsHeaders(unauthorizedResponseTokenPAGE());
|
||||
}
|
||||
return setCorsHeaders(
|
||||
await unauthorizedResponseValidationUser({
|
||||
loginPath,
|
||||
sessionKey,
|
||||
token,
|
||||
req,
|
||||
})
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// // Ensure token is preserved in cookie
|
||||
// if (token) {
|
||||
@@ -273,6 +241,16 @@ function unauthorizedResponse() {
|
||||
});
|
||||
}
|
||||
|
||||
function unauthorizedResponseAPIUserValidate() {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: "Unauthorized api user validate" }),
|
||||
{
|
||||
status: 401,
|
||||
headers: { "Content-Type": "application/json" },
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
function unauthorizedResponseTokenAPI() {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: "Unauthorized token on API" }),
|
||||
|
||||
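Review bot: In the `/dev` block of the `@@ -191,48 +158,49 @@` hunk, the `userValidateJson.success == true && !userValidateJson.data` branch calls `unauthorizedResponseDataUserNotFound(req);` without returning it, so that response is discarded. The next statement, `userValidateJson.data.active`, then throws on the missing `data`, and the request is rejected only by way of the `catch`, with a different response than the one intended. Assuming the helper returns a response like its siblings, this should read `return setCorsHeaders(unauthorizedResponseDataUserNotFound(req));`, and `!userValidateJson.data?.active` would keep a malformed body from raising. Separately, `process.env.NEXT_PUBLIC_API_URL || new URL(req.url).origin` decides where `Authorization: Bearer ${token}` is sent; if the origin of `req.url` can follow the request's Host header in this deployment, the fallback should give way to a required server-side setting. `middleware` starts and ends outside these hunks.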
8
x.sh
8
x.sh
@@ -1,5 +1,7 @@
|
||||
TOKEN="eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiY20wYWUzcmw2MDAwMWZzNWowN3ZtdjRvaCIsIm5vbW9yIjoiNjI4MjM0MDM3NDQxMiIsInVzZXJuYW1lIjoiYmFnYXNfYWRtaW4iLCJhY3RpdmUiOnRydWUsIm1hc3RlclVzZXJSb2xlSWQiOiIzIn0sImlhdCI6MTc0Mjk2OTc1OSwiZXhwIjoxOTYzODcyOTU5fQ.4bFEdhm4TeysoDcC1D54PPbyJPHSMBisiEn5GXoYr30"
|
||||
# curl -X GET -H "Authorization: Bearer $TOKEN" https://localhost:3000/api/middleware
|
||||
TOKEN="eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiY202MGc3eDR2MDAwODEyNHVsbmg0MDR6bSIsIm5vbW9yIjoiNjI4MTMzOTE1ODkxMSIsInVzZXJuYW1lIjoiQmFnYXNfYmFudW5hIiwiYWN0aXZlIjp0cnVlLCJtYXN0ZXJVc2VyUm9sZUlkIjoiMSJ9LCJpYXQiOjE3NDQwOTQyMjQsImV4cCI6MTk2NDk5NzQyNH0.ByTKFPpcL6oljeizWkUM4Z0jaWzc9oPrkpCCImQY3KE"
|
||||
URL="https://stg-hipmi.wibudev.com"
|
||||
# curl -X GET -H "Authorization: Bearer $TOKEN" ${URL}/api/middleware
|
||||
|
||||
curl -X GET -H "Cookie: hipmi-key=$TOKEN; user_id=789" https://localhost:3000/api/middleware
|
||||
|
||||
|
||||
curl -X GET -H "Cookie: hipmi-key=$TOKEN; user_id=789" ${URL}/dev/home | tee test.html
|
||||
|
||||
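Review bot: `x.sh` carries two bearer tokens as literal `TOKEN="eyJ…"` assignments, and their payloads decode to account claims with an `exp` roughly seven years after `iat`; the script also targets the staging host in `URL`. Once committed they stay in history whichever side of the diff they are on, so treat both as disclosed: invalidate them (rotating the signing secret if there is no per-token revocation) and have the script read the value from the environment, e.g. `TOKEN="${TOKEN:?set TOKEN first}"`. The last `curl` pipes an authenticated page into `test.html` via `tee`; that output file and the script itself belong in `.gitignore`.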