From 40a46f6457e50a67e3d19688799f662a91b3ec04 Mon Sep 17 00:00:00 2001
From: Markus Thielker
Date: Sun, 15 Dec 2024 16:37:51 +0100
Subject: [PATCH] NORY-36: improve permission check in middleware
---
 dashboard/src/middleware.ts | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 27c3d02..52d7714 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@@ -25,10 +25,6 @@ export async function middleware(request: NextRequest) {
 return NextResponse.redirect(url);
 }
- if (request.nextUrl.pathname === '/unauthorised') {
- return NextResponse.next();
- }
-
 const permissionApi = await getPermissionApi();
 const isAdmin = await permissionApi.checkPermission({
 namespace: 'roles',
@@ -46,15 +42,25 @@ export async function middleware(request: NextRequest) {
 });
 if (isAdmin) {
+ if (request.nextUrl.pathname === '/unauthorised') {
+ return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized');
+ }
 return NextResponse.next();
 } else {
- console.log('MISSING PERMISSION');
- const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}/unauthorised`;
- console.log('REDIRECT TO', url);
- return NextResponse.redirect(url!);
+ if (request.nextUrl.pathname === '/unauthorised') {
+ return NextResponse.next();
+ }
+ return redirect('/unauthorised', 'MISSING SESSION');
 }
 }
+function redirect(path: string, reason: string) {
+ console.log(reason);
+ const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`;
+ console.log('REDIRECT TO', url);
+ return NextResponse.redirect(url!);
+}
+
 export const config = {
 matcher: '/((?!api|_next/static|_next/image|favicon.png|sitemap.xml|robots.txt).*)',
 };
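Review bot: The non-admin branch of the second hunk now logs `'MISSING SESSION'`, but it is only reached once `checkPermission` has returned, so the event being recorded is a failed permission check (the removed code logged `'MISSING PERMISSION'`); anyone triaging access denials from these logs would be misled, and `return redirect('/unauthorised', 'MISSING PERMISSION');` is the accurate reason. The admin-branch reason also spells the path `/unauthorized` while the route is `/unauthorised`, so the two do not grep together. In the new `redirect` helper the `!` on `url` does nothing, because a template literal is always a string: with `NEXT_PUBLIC_DASHBOARD_NODE_URL` unset the target becomes `undefined/unauthorised`, so the helper should check the variable before building the URL and fail with an explicit error instead. The part of `middleware` between the two hunks is not shown, so how `isAdmin` is derived from the `checkPermission` result (boolean versus response object) could not be reviewed and is worth confirming.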