markus/next-ory
1
0
Fork 0
mirror of https://codeberg.org/MarkusThielker/next-ory.git synced 2025-04-19 09:01:18 +00:00
Code Releases Packages Activity
next-ory/dashboard/src/middleware.ts
Markus Thielker 40a46f6457
NORY-36: improve permission check in middleware
2024-12-15 16:37:51 +01:00

66 lines
2.1 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
export async function middleware(request: NextRequest) {
const frontendApi = await getFrontendApi();
const cookie = await cookies();
const session = await frontendApi
.toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
.then((response) => response.data)
.catch(() => null);
if (!session) {
console.log('NO SESSION');
const url = process.env.NEXT_PUBLIC_AUTHENTICATION_NODE_URL +
'/flow/login?return_to=' +
process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL;
console.log('REDIRECT TO', url);
return NextResponse.redirect(url);
}
const permissionApi = await getPermissionApi();
const isAdmin = await permissionApi.checkPermission({
namespace: 'roles',
object: 'admin',
relation: 'member',
subjectId: session!.identity!.id,
})
.then(({ data: { allowed } }) => {
console.log('is_admin', session!.identity!.id, allowed);
return allowed;
})
.catch((response) => {
console.log('is_admin', session!.identity!.id, response, 'check failed');
return false;
});
if (isAdmin) {
if (request.nextUrl.pathname === '/unauthorised') {
return redirect('/', 'HAS PERMISSION BUT ACCESSING /unauthorized');
}
return NextResponse.next();
} else {
if (request.nextUrl.pathname === '/unauthorised') {
return NextResponse.next();
}
return redirect('/unauthorised', 'MISSING SESSION');
}
}
function redirect(path: string, reason: string) {
console.log(reason);
const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}${path}`;
console.log('REDIRECT TO', url);
return NextResponse.redirect(url!);
}
export const config = {
matcher: '/((?!api|_next/static|_next/image|favicon.png|sitemap.xml|robots.txt).*)',
};
View git blame Copy permalink