Initial commit: spreewaldzeit + Dockerfile for Coolify (Next.js + Prisma/SQLite)

2026-06-03 14:08:48 +02:00
commit bf5d79a919
94 changed files with 12480 additions and 0 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,46 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { jwtVerify } from "jose";
+
+const COOKIE_NAME = "sz_session";
+
+async function isValid(token: string | undefined): Promise<boolean> {
+  if (!token) return false;
+  const secret = process.env.AUTH_SECRET;
+  if (!secret || secret.length < 32) return false;
+  try {
+    await jwtVerify(token, new TextEncoder().encode(secret));
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+
+  // Nur geschützte Admin-Routen: /admin/... außer /admin/login und /api/admin/login
+  const isAdminPage =
+    pathname.startsWith("/admin") && !pathname.startsWith("/admin/login");
+  const isAdminApi =
+    pathname.startsWith("/api/admin") &&
+    !pathname.startsWith("/api/admin/login");
+
+  if (!isAdminPage && !isAdminApi) return NextResponse.next();
+
+  const token = request.cookies.get(COOKIE_NAME)?.value;
+  const authed = await isValid(token);
+
+  if (authed) return NextResponse.next();
+
+  if (isAdminApi) {
+    return NextResponse.json({ error: "unauthorized" }, { status: 401 });
+  }
+
+  const loginUrl = new URL("/admin/login", request.url);
+  loginUrl.searchParams.set("next", pathname);
+  return NextResponse.redirect(loginUrl);
+}
+
+export const config = {
+  matcher: ["/admin/:path*", "/api/admin/:path*"],
+};