47 lines
1.3 KiB
TypeScript
47 lines
1.3 KiB
TypeScript
import { NextResponse, type NextRequest } from "next/server";
|
|
import { jwtVerify } from "jose";
|
|
|
|
const COOKIE_NAME = "sz_session";
|
|
|
|
async function isValid(token: string | undefined): Promise<boolean> {
|
|
if (!token) return false;
|
|
const secret = process.env.AUTH_SECRET;
|
|
if (!secret || secret.length < 32) return false;
|
|
try {
|
|
await jwtVerify(token, new TextEncoder().encode(secret));
|
|
return true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
export async function middleware(request: NextRequest) {
|
|
const { pathname } = request.nextUrl;
|
|
|
|
// Nur geschützte Admin-Routen: /admin/... außer /admin/login und /api/admin/login
|
|
const isAdminPage =
|
|
pathname.startsWith("/admin") && !pathname.startsWith("/admin/login");
|
|
const isAdminApi =
|
|
pathname.startsWith("/api/admin") &&
|
|
!pathname.startsWith("/api/admin/login");
|
|
|
|
if (!isAdminPage && !isAdminApi) return NextResponse.next();
|
|
|
|
const token = request.cookies.get(COOKIE_NAME)?.value;
|
|
const authed = await isValid(token);
|
|
|
|
if (authed) return NextResponse.next();
|
|
|
|
if (isAdminApi) {
|
|
return NextResponse.json({ error: "unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
const loginUrl = new URL("/admin/login", request.url);
|
|
loginUrl.searchParams.set("next", pathname);
|
|
return NextResponse.redirect(loginUrl);
|
|
}
|
|
|
|
export const config = {
|
|
matcher: ["/admin/:path*", "/api/admin/:path*"],
|
|
};
|