mirror of https://codeberg.org/MarkusThielker/next-ory.git synced 2025-04-19 09:01:18 +00:00

NORY-59: refactor middleware to use new authentication functions

Markus Thielker 2025-04-04 16:31:15 +02:00 committed by Markus Thielker
parent b29c19f322
commit 6d277a7d62


@ -1,47 +1,30 @@
import { NextRequest, NextResponse } from 'next/server'; import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers'; import { checkRole, getSession } from '@/lib/action/authentication';
import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
export async function middleware(request: NextRequest) { export async function middleware(request: NextRequest) {
const frontendApi = await getFrontendApi(); // middleware can not work with requireSession, requireRole and
const cookie = await cookies(); // requirePermission due to the different redirect mechanisms in use!
const session = await frontendApi
.toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
.then((response) => response.data)
.catch(() => null);
const session = await getSession();
if (!session) { if (!session) {
console.log('NO SESSION'); console.log('middleware', 'MISSING SESSION');
const url = process.env.NEXT_PUBLIC_AUTHENTICATION_NODE_URL + const url = process.env.NEXT_PUBLIC_AUTHENTICATION_NODE_URL +
'/flow/login?return_to=' + '/flow/login?return_to=' +
process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL; process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL;
console.log('REDIRECT TO', url); console.log('middleware', 'REDIRECT TO', url);
return NextResponse.redirect(url!);
return NextResponse.redirect(url);
} }
const permissionApi = await getPermissionApi(); const allowed = await checkRole(
const isAdmin = await permissionApi.checkPermission({ 'admin',
namespace: 'roles', session!.identity!.id,
object: 'admin', );
relation: 'member',
subjectId: session!.identity!.id,
})
.then(({ data: { allowed } }) => {
console.log('is_admin', session!.identity!.id, allowed);
return allowed;
})
.catch((response) => {
console.log('is_admin', session!.identity!.id, response, 'check failed');
return false;
});
if (isAdmin) { if (allowed) {
if (request.nextUrl.pathname === '/unauthorised') { if (request.nextUrl.pathname === '/unauthorised') {
return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized'); return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized');
} }
@ -55,9 +38,9 @@ export async function middleware(request: NextRequest) {
} }
function redirect(path: string, reason: string) { function redirect(path: string, reason: string) {
console.log(reason); console.log('middleware', reason);
const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`; const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`;
console.log('REDIRECT TO', url); console.log('middleware', 'REDIRECT TO', url);
return NextResponse.redirect(url!); return NextResponse.redirect(url!);
} }
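Review bot: The admin check in the first hunk no longer has a visible fail-closed path: the removed inline `checkPermission` call ended in a `.catch(...)` that returned `false`, while the new `await checkRole('admin', session!.identity!.id)` has no error handling at the call site, so whether a failing permission API denies access or surfaces as an unhandled middleware error depends on `checkRole` in `@/lib/action/authentication`, which this page does not show. If `checkRole` can reject, keep deny-by-default explicit here, e.g. `const allowed = await checkRole('admin', identityId).catch(() => false);`. The `session!.identity!.id` assertions also hide the case of a session without an identity; `session` is already narrowed after the `if (!session)` return, so `const identityId = session.identity?.id;` followed by treating a missing id like a missing session would redirect instead of throwing. The same question applies to `getSession()`, which replaced a chain ending in `.catch(() => null)`; a comment above both calls such as `// getSession resolves to null and checkRole to false on any API error` (once confirmed) would document the contract the middleware relies on. The body of `middleware` continues between the two hunks and is not visible here.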