46 lines
1.2 KiB
TypeScript
46 lines
1.2 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import type { NextRequest } from "next/server";
|
|
import { jwtVerify } from "jose";
|
|
|
|
const JWT_SECRET = new TextEncoder().encode(
|
|
process.env.JWT_SECRET || "fallback-secret-change-in-production"
|
|
);
|
|
|
|
const publicPaths = ["/login", "/api/auth"];
|
|
|
|
export async function middleware(request: NextRequest) {
|
|
const { pathname } = request.nextUrl;
|
|
|
|
// Allow public paths
|
|
if (publicPaths.some((path) => pathname.startsWith(path))) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Allow static files and API routes that don't need auth
|
|
if (
|
|
pathname.startsWith("/_next") ||
|
|
pathname.startsWith("/favicon") ||
|
|
pathname.includes(".")
|
|
) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Check auth token
|
|
const token = request.cookies.get("auth-token")?.value;
|
|
|
|
if (!token) {
|
|
return NextResponse.redirect(new URL("/login", request.url));
|
|
}
|
|
|
|
try {
|
|
await jwtVerify(token, JWT_SECRET);
|
|
return NextResponse.next();
|
|
} catch {
|
|
return NextResponse.redirect(new URL("/login", request.url));
|
|
}
|
|
}
|
|
|
|
export const config = {
|
|
matcher: ["/((?!_next/static|_next/image|favicon.ico).*)"],
|
|
};
|