daniil/smart-home-tablet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e96e7a13423a11345a7302c01ee954b05c6f0255
smart-home-tablet/middleware.ts
Cosmo e96e7a1342
All checks were successful
Deploy / deploy (push) Successful in 3m18s
Details
feat(voice): tool endpoints, timer widget, clean Siri-style overlay 
Adds the infrastructure for Claude tool use + visual timer.

Tablet API surface (all bearer-authed with VOICE_API_KEY, middleware bypassed):
- /api/voice/tools/weather    — current + short forecast via Open-Meteo
- /api/voice/tools/transport  — tram arrivals by direction / route filter
- /api/voice/tools/events     — Google Calendar today/week
- /api/voice/tools/notes      — notes + shopping lists
- /api/voice/timer            — start (with seconds+label), cancel; GET list (cookie ok)
  Active timers persisted at /data/tablet-timers.json

UI:
- VoiceOverlay stripped to minimal Siri look: no agent emoji/name, just the
  pulsing orb (3-layer radial gradient, independent breath animations),
  subtle status label on wake only, transcription/response text centered.
  Agents distinguished by orb color (Cosmo indigo/violet, Люся pink).
- TimerWidget: bottom-right chip stack with countdown, progress bar, turns
  amber in last 10s. On expiry, fires fullscreen alarm overlay with beep
  (WebAudio osc) + Остановить button.

Other:
- lib/timers.ts — persistent timer store in /data
- lib/voice-tools.ts — shared bearer-auth helper
- middleware — bypass list now covers /api/voice/tools/* and /api/voice/timer
2026-04-23 13:33:31 +00:00

31 lines
1.1 KiB
TypeScript
Raw Blame History

import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl
// Only protect API routes. /api/voice/event, /api/voice/tools/*, /api/voice/timer
// have their own bearer-token auth (VOICE_API_KEY) and bypass the cookie check.
const isVoiceBearer =
pathname === '/api/voice/event' ||
pathname.startsWith('/api/voice/tools/') ||
pathname === '/api/voice/timer'
if (!pathname.startsWith('/api/') || pathname.startsWith('/api/auth') || isVoiceBearer) {
return NextResponse.next()
}
// Check auth by forwarding to auth check
const token = request.cookies.get('auth_token')?.value
if (!token) {
return NextResponse.json({ error: 'unauthorized' }, { status: 401 })
}
// Let the request through — individual API routes can do further validation if needed
// The auth cookie existence is sufficient since it is httpOnly and set by server
return NextResponse.next()
}
export const config = {
matcher: ['/api/:path*'],
}
Reference in New Issue View Git Blame Copy Permalink