feat: add PIN lock screen auth + calendar owner filter toggles

2026-04-22 18:50:56 +00:00
parent eb644ff341
commit 1a529fc23e
5 changed files with 440 additions and 332 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+import * as crypto from 'crypto'
+
+export function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl
+
+  // Allow auth API and static assets
+  if (
+    pathname.startsWith('/api/auth') ||
+    pathname.startsWith('/_next') ||
+    pathname.startsWith('/favicon') ||
+    pathname === '/manifest.json'
+  ) {
+    return NextResponse.next()
+  }
+
+  const token = request.cookies.get('auth_token')?.value
+  const pin = process.env.APP_PIN || '1234'
+  const secret = process.env.APP_SECRET || 'smart-home-default-secret-change-me'
+  const expectedToken = crypto.createHmac('sha256', secret).update(pin).digest('hex')
+
+  if (token !== expectedToken) {
+    // For API routes, return 401
+    if (pathname.startsWith('/api/')) {
+      return NextResponse.json({ error: 'unauthorized' }, { status: 401 })
+    }
+
+    // For page requests, rewrite to show login (handled client-side)
+    const url = request.nextUrl.clone()
+    url.searchParams.set('locked', '1')
+    return NextResponse.rewrite(url)
+  }
+
+  return NextResponse.next()
+}
+
+export const config = {
+  matcher: ['/((?!_next/static|_next/image|favicon.ico|manifest.json).*)'],
+}