g/ember-market-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
adb01009eb11a32d1238c973676832b6d3088085
ember-market-frontend/middleware.ts
NotII f0d18a9e67 Add dashboard navigation and request timeouts 
Added 'Back to Dashboard' buttons to all admin dashboard pages for improved navigation. Introduced AbortSignal timeouts to API client and middleware requests to prevent hanging network calls. Also enabled messaging customers from the order details page if Telegram info is available.
2025-10-30 18:35:09 +00:00

89 lines
3.1 KiB
TypeScript
Raw Blame History

import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
export async function middleware(req: NextRequest) {
const pathname = new URL(req.url).pathname;
// Skip auth check for password reset page
if (pathname.startsWith('/auth/reset-password')) {
return NextResponse.next();
}
// Check for auth token in cookies
const token = req.cookies.get("Authorization")?.value;
// Debug info about all cookies
const allCookies = req.cookies.getAll();
console.log("Middleware: All cookies:", allCookies.map(c => c.name).join(', '));
if (!token) {
// Try to get from Authorization header as fallback
const authHeader = req.headers.get('Authorization');
if (authHeader?.startsWith('Bearer ')) {
console.log("Middleware: Token found in Authorization header");
// Continue with validation using header auth
// The authCheckUrl will handle extracting the token from header
} else {
console.log("Middleware: No token found in cookies or headers, redirecting to login...");
return NextResponse.redirect(new URL("/auth/login", req.url));
}
} else {
console.log("Middleware: Token found in cookies, validating...");
}
try {
// Always use localhost for internal container communication
const authCheckUrl = "http://localhost:3000/api/auth/check";
console.log(`Using internal auth check URL: ${authCheckUrl}`);
// Clone headers to avoid modifying the original request
const headers = new Headers(req.headers);
// If token is in cookie, ensure it's also in Authorization header
if (token && !headers.has('Authorization')) {
headers.set('Authorization', `Bearer ${token}`);
}
const res = await fetch(authCheckUrl, {
method: "GET",
headers,
credentials: 'include',
signal: AbortSignal.timeout(10000), // 10 second timeout
});
console.log(`Middleware: Auth check responded with status ${res.status}`);
if (!res.ok) {
console.log(`Middleware: Auth check failed with status ${res.status}, redirecting to login`);
return NextResponse.redirect(new URL("/auth/login", req.url));
}
console.log("Middleware: Auth check successful");
// Admin-only protection for /dashboard/admin routes
if (pathname.startsWith('/dashboard/admin')) {
try {
const user = await res.json();
const username = user?.vendor?.username;
if (username !== 'admin1') {
console.log("Middleware: Non-admin attempted to access /dashboard/admin, redirecting");
return NextResponse.redirect(new URL("/dashboard", req.url));
}
} catch (e) {
console.log("Middleware: Failed to parse user for admin check, redirecting to login");
return NextResponse.redirect(new URL("/auth/login", req.url));
}
}
} catch (error) {
console.error("Authentication validation failed:", error);
return NextResponse.redirect(new URL("/auth/login", req.url));
}
return NextResponse.next();
}
export const config = {
matcher: ["/dashboard/:path*", "/auth/reset-password/:path*"],
};
Reference in New Issue View Git Blame Copy Permalink