From 6d277a7d62f82416b0a0d48b27dc4dbcc7e3d660 Mon Sep 17 00:00:00 2001
From: Markus Thielker
Date: Fri, 4 Apr 2025 16:31:15 +0200
Subject: [PATCH] NORY-59: refactor middleware to use new authentication functions
---
dashboard/src/middleware.ts | 45 ++++++++++++-------------------------
1 file changed, 14 insertions(+), 31 deletions(-)
diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 52d7714..62d78cc 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@@ -1,47 +1,30 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { cookies } from 'next/headers';
-import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
+import { checkRole, getSession } from '@/lib/action/authentication';
 export async function middleware(request: NextRequest) {
- const frontendApi = await getFrontendApi();
- const cookie = await cookies();
-
- const session = await frontendApi
- .toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
- .then((response) => response.data)
- .catch(() => null);
+ // middleware can not work with requireSession, requireRole and
+ // requirePermission due to the different redirect mechanisms in use!
+ const session = await getSession();
 if (!session) {
- console.log('NO SESSION');
+ console.log('middleware', 'MISSING SESSION');
 const url = process.env.NEXT_PUBLIC_AUTHENTICATION_NODE_URL + '/flow/login?return_to=' + process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL;
- console.log('REDIRECT TO', url);
-
- return NextResponse.redirect(url);
+ console.log('middleware', 'REDIRECT TO', url);
+ return NextResponse.redirect(url!);
 }
- const permissionApi = await getPermissionApi();
- const isAdmin = await permissionApi.checkPermission({
- namespace: 'roles',
- object: 'admin',
- relation: 'member',
- subjectId: session!.identity!.id,
- })
- .then(({ data: { allowed } }) => {
- console.log('is_admin', session!.identity!.id, allowed);
- return allowed;
- })
- .catch((response) => {
- console.log('is_admin', session!.identity!.id, response, 'check failed');
- return false;
- });
+ const allowed = await checkRole(
+ 'admin',
+ session!.identity!.id,
+ );
- if (isAdmin) {
+ if (allowed) {
 if (request.nextUrl.pathname === '/unauthorised') {
 return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized');
 }
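Review bot: The new `checkRole('admin', session!.identity!.id)` call drops the fail-closed `.catch(... return false)` that the removed `checkPermission` chain had, so if checkRole can reject (a transport or permission-service error) the middleware now throws instead of treating the user as non-admin; unless checkRole is known to swallow its own errors, the call should keep the old default, e.g. `const allowed = await checkRole('admin', session.identity!.id).catch(() => false);`. `session!` is redundant after the `if (!session)` guard and `identity!` is an unchecked assertion on session data; a single guard such as `if (!session?.identity?.id)` taking the login-redirect branch would replace both. The added `url!` on the login redirect is a no-op because string concatenation never yields null — when NEXT_PUBLIC_AUTHENTICATION_NODE_URL is unset the target silently becomes `undefined/flow/login?...`, and the same `url!` on a template literal sits in redirect() in the second hunk; an explicit check that the env var is set would fail loudly instead. The middleware function body continues past the end of this hunk.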
@@ -55,9 +38,9 @@ export async function middleware(request: NextRequest) {
 }
 function redirect(path: string, reason: string) {
- console.log(reason);
+ console.log('middleware', reason);
 const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`;
- console.log('REDIRECT TO', url);
+ console.log('middleware', 'REDIRECT TO', url);
 return NextResponse.redirect(url!);
 }