import { withAuth } from "next-auth/middleware";
import { NextResponse } from "next/server";
export const config = {
  // Paths the guard below runs on. A route not listed here is never seen by
  // this middleware, so a new protected page must be added here as well as
  // to the checks in the handler.
  matcher: [
    "/employee/:path*", // role-gated: EMPLOYEE, HR or ADMIN
    "/admin/:path*", // role-gated: ADMIN or HR
    "/landing", // any signed-in user
    "/profile", // any signed-in user
    "/setting", // any signed-in user
  ],
};
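/** Pages any signed-in user may open; the user's role is not consulted here. */
const SELF_SERVICE_PREFIXES = ["/landing", "/profile", "/setting"] as const;

/** Role-gated sections, matched by pathname prefix (first match wins). */
const ROLE_GATED_SECTIONS: ReadonlyArray<{
  prefix: string;
  allowedRoles: readonly string[];
}> = [
  { prefix: "/admin", allowedRoles: ["ADMIN", "HR"] },
  { prefix: "/employee", allowedRoles: ["EMPLOYEE", "HR", "ADMIN"] },
];

function isSelfServicePath(pathname: string): boolean {
  return SELF_SERVICE_PREFIXES.some((prefix) => pathname.startsWith(prefix));
}

/**
 * Resolve the session user behind `jwt` through the internal `/api/user`
 * endpoint.
 *
 * @returns the `user` object from the response, or `null` when the request
 *   throws, answers with a non-2xx status, does not parse as JSON, or carries
 *   no user object. Every failure collapses to `null` so the caller fails
 *   closed instead of surfacing a 500 or letting the request through.
 */
async function fetchSessionUser(
  jwt: string
): Promise<Record<string, unknown> | null> {
  try {
    // NOTE(security): the token travels in the query string, where it is
    // written to proxy/server access logs and browser history. Move it to an
    // `Authorization: Bearer` header once /api/user accepts one; that
    // endpoint's contract is not visible from this file, so the query form is
    // kept for now (encoded, so the URL is at least well-formed).
    // An unset NEXT_PUBLIC_BASE_URL_LOCAL yields an invalid URL here, which
    // throws and is caught below -> denied.
    const response = await fetch(
      `${process.env.NEXT_PUBLIC_BASE_URL_LOCAL}/api/user?token=${encodeURIComponent(jwt)}`
    );
    if (!response.ok) return null;

    const body: unknown = await response.json();
    if (typeof body !== "object" || body === null || !("user" in body)) {
      return null;
    }
    const user = (body as { user: unknown }).user;
    if (typeof user !== "object" || user === null) return null;
    return user as Record<string, unknown>;
  } catch {
    // Network error, unreachable base URL, or malformed JSON: deny.
    return null;
  }
}

/**
 * Route guard for the paths listed in `config.matcher`.
 *
 * - /landing, /profile and /setting only require a session; no session
 *   redirects to /signin.
 * - Any other matched path requires a session (else /invalidsession), a user
 *   resolvable from the session's `jwtToken` (else /invalidsession), and for
 *   /admin and /employee a role from `ROLE_GATED_SECTIONS` (else /forbidden).
 *
 * Every failure path redirects rather than falling through, so a broken or
 * unreachable /api/user never grants access by accident.
 */
export default withAuth(async (req) => {
  // Local-development escape hatch. Scoped to non-production builds: on its
  // own, a stray LOCAL_CMS_PROVIDER in a deployed environment disabled every
  // check below.
  if (
    process.env.LOCAL_CMS_PROVIDER &&
    process.env.NODE_ENV !== "production"
  ) {
    return NextResponse.next();
  }

  const token = req.nextauth.token;
  const { pathname } = new URL(req.url);
  const redirectTo = (path: string) =>
    NextResponse.redirect(new URL(path, req.url));

  // NOTE(review): withAuth's default `authorized` callback is understood to
  // redirect session-less requests before this handler runs, which would make
  // the `!token` branches a second line of defence only — confirm against the
  // next-auth version in use.
  if (isSelfServicePath(pathname)) {
    return token ? NextResponse.next() : redirectTo("/signin");
  }
  if (!token) return redirectTo("/invalidsession");

  // Previously a missing jwtToken was interpolated as the string "undefined";
  // treat it as no usable session instead of asking /api/user about it.
  const jwt = token.jwtToken;
  if (typeof jwt !== "string" || jwt === "") {
    return redirectTo("/invalidsession");
  }

  const user = await fetchSessionUser(jwt);
  if (user === null) return redirectTo("/invalidsession");

  const section = ROLE_GATED_SECTIONS.find((s) =>
    pathname.startsWith(s.prefix)
  );
  if (section !== undefined) {
    // A missing or non-string role is denied, as `includes` did before.
    const role = user.role;
    if (typeof role !== "string" || !section.allowedRoles.includes(role)) {
      return redirectTo("/forbidden");
    }
  }
  return NextResponse.next();
});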