mirror of
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git
synced 2025-09-26 21:26:37 +08:00
105 lines
3.0 KiB
TypeScript
105 lines
3.0 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { checkAuthWithRefresh } from "./app/api/supabase";
|
|
|
|
// Define protected routes that require authentication
|
|
const PROTECTED_PATHS = [
|
|
"/chat",
|
|
"/settings",
|
|
"/profile",
|
|
"/api/chat",
|
|
"/api/user",
|
|
// Add more protected paths as needed
|
|
];
|
|
|
|
// Define public routes that don't require authentication
|
|
const PUBLIC_PATHS = [
|
|
"/",
|
|
"/login",
|
|
"/signup",
|
|
"/api/auth/callback",
|
|
"/api/auth/logout",
|
|
"/api/auth/check",
|
|
// Add more public paths as needed
|
|
];
|
|
|
|
export async function middleware(req: NextRequest) {
|
|
const { pathname } = req.nextUrl;
|
|
|
|
console.log("[Middleware] Processing request for:", pathname);
|
|
|
|
// Skip middleware for static files and Next.js internals
|
|
if (
|
|
pathname.startsWith("/_next/") ||
|
|
pathname.startsWith("/favicon") ||
|
|
pathname.startsWith("/public/") ||
|
|
pathname.includes(".")
|
|
) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Check if path is explicitly public
|
|
const isPublicPath = PUBLIC_PATHS.some(path =>
|
|
pathname === path || pathname.startsWith(path)
|
|
);
|
|
|
|
if (isPublicPath) {
|
|
console.log("[Middleware] Public path, allowing access");
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Check if path requires authentication
|
|
const isProtectedPath = PROTECTED_PATHS.some(path =>
|
|
pathname.startsWith(path) || pathname === path
|
|
);
|
|
|
|
if (isProtectedPath) {
|
|
console.log("[Middleware] Protected path, checking authentication");
|
|
|
|
try {
|
|
const authResult = await checkAuthWithRefresh(req);
|
|
|
|
if (!authResult.user) {
|
|
console.log("[Middleware] User not authenticated, redirecting to login");
|
|
const loginUrl = new URL("/login", req.url);
|
|
loginUrl.searchParams.set("redirect_to", pathname);
|
|
return NextResponse.redirect(loginUrl);
|
|
}
|
|
|
|
console.log("[Middleware] User authenticated:", authResult.user.email);
|
|
|
|
// If token was refreshed, return the response with updated cookies
|
|
if (authResult.needsRefresh && authResult.response) {
|
|
console.log("[Middleware] Returning response with refreshed tokens");
|
|
// Continue to the original destination
|
|
authResult.response.headers.set("x-middleware-rewrite", req.url);
|
|
return authResult.response;
|
|
}
|
|
|
|
return NextResponse.next();
|
|
} catch (error) {
|
|
console.error("[Middleware] Auth check failed:", error);
|
|
const loginUrl = new URL("/login", req.url);
|
|
loginUrl.searchParams.set("redirect_to", pathname);
|
|
loginUrl.searchParams.set("error", "auth_check_failed");
|
|
return NextResponse.redirect(loginUrl);
|
|
}
|
|
}
|
|
|
|
// For all other paths, allow access without authentication
|
|
console.log("[Middleware] Unprotected path, allowing access");
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: [
|
|
/*
|
|
* Match all request paths except for the ones starting with:
|
|
* - api/auth (auth routes)
|
|
* - _next/static (static files)
|
|
* - _next/image (image optimization files)
|
|
* - favicon.ico (favicon file)
|
|
*/
|
|
"/((?!_next/static|_next/image|favicon.ico).*)",
|
|
],
|
|
};
|