fix: client-side auth check instead of middleware rewrite
@@ -13,12 +13,8 @@ async function hmacSha256(secret: string, message: string): Promise<string> {
|
||||
export async function middleware(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl
|
||||
|
||||
if (
|
||||
pathname.startsWith('/api/auth') ||
|
||||
pathname.startsWith('/_next') ||
|
||||
pathname.startsWith('/favicon') ||
|
||||
pathname === '/manifest.json'
|
||||
) {
|
||||
// Only protect API routes (except /api/auth)
|
||||
if (!pathname.startsWith('/api/') || pathname.startsWith('/api/auth')) {
|
||||
return NextResponse.next()
|
||||
}
|
||||
|
||||
@@ -28,17 +24,12 @@ export async function middleware(request: NextRequest) {
|
||||
const expectedToken = await hmacSha256(secret, pin)
|
||||
|
||||
if (token !== expectedToken) {
|
||||
if (pathname.startsWith('/api/')) {
|
||||
return NextResponse.json({ error: 'unauthorized' }, { status: 401 })
|
||||
}
|
||||
const url = request.nextUrl.clone()
|
||||
url.searchParams.set('locked', '1')
|
||||
return NextResponse.rewrite(url)
|
||||
return NextResponse.json({ error: 'unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
return NextResponse.next()
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: ['/((?!_next/static|_next/image|favicon.ico|manifest.json).*)'],
|
||||
matcher: ['/api/:path*'],
|
||||
}
|
||||
|
||||
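Review bot: With the early return now firing for every non-`/api/` path and the matcher narrowed to `['/api/:path*']`, pages, server-rendered data and any route handler outside `/api/` are served with no server-side check; the client-side check named in the commit title can hide UI but is not an access control. Everything sensitive therefore has to be reachable only through a protected `/api/` route, and that invariant deserves a comment above the matcher, e.g. `// Pages are public: all protected data must come from /api/* (except /api/auth)`. The exemption in the new `if` is also a bare prefix test, so a sibling route such as `/api/authors` (constructed example) would skip the token check; `pathname === '/api/auth' || pathname.startsWith('/api/auth/')` closes that. The lines that read `token`, `secret` and `pin` sit between the two hunks and are not shown, so how the token reaches the middleware is not covered by this note.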