api secured

This commit is contained in:
Cypro Freelance 2024-08-08 15:44:09 +05:30
parent 22b727d825
commit 4e3c2f51b6

View file

@ -5,10 +5,19 @@ import { getToken } from "next-auth/jwt";
export async function middleware(req: NextRequest) {
const token = await getToken({ req, secret: process.env.NEXTAUTH_SECRET });
if (req.nextUrl.pathname.startsWith("/admin") && !token) {
if (!token) {
if (req.nextUrl.pathname.startsWith("/admin")) {
const url = req.nextUrl.clone();
url.pathname = "/login";
return NextResponse.redirect(url);
} else if (
req.nextUrl.pathname.startsWith("/api/mdx/pages") &&
req.method != "GET"
) {
return NextResponse.json({ error: "Login required" }, { status: 401 });
} else if (req.nextUrl.pathname.startsWith("/api")) {
return NextResponse.json({ error: "Login required" }, { status: 401 });
}
}
return NextResponse.next();
@ -20,9 +29,13 @@ export const config = {
"/api/delete/downloads/[id]",
"/api/delete/logs/[id]",
"/api/delete/mods/[id]",
"/api/delete/vulnerability/[id]",
"/api/mdx/pages",
"/api/mdx/pages/[slug]",
"/api/upload",
"/api/uploadlogs",
"/api/uploadmods",
"/api/uploadthing",
"/api/uploadvulnerabilities",
],
};