Neup.Account/proxy.ts at main · neupgroup/Neup.Account · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function proxy(request: NextRequest) {
  const { pathname } = request.nextUrl;

  // 1. Prepare Headers
  const requestHeaders = new Headers(request.headers);
  requestHeaders.set('x-next-pathname', pathname);

  // 2. Device Block Check
  // If the user is blocked, redirect them to /auth/blocked immediately.
  // We must allow access to /auth/blocked itself to avoid infinite loops.
  if (request.cookies.has('device_block') && pathname !== '/auth/blocked') {
    return NextResponse.redirect(new URL('/auth/blocked', request.url));
  }

  // 3. Exclusions (Static assets, etc.)
  // These are usually handled by the matcher, but explicit check is good safety.
  if (
    pathname.startsWith('/_next') ||
    pathname === '/favicon.ico' ||
    pathname.startsWith('/.well-known')
  ) {
    return NextResponse.next({
        request: { headers: requestHeaders }
    });
  }

  // 4. Public Routes (API, Bridge, Auth, Blocked page)
  // These paths do NOT require the main session authentication check here.
  if (
    pathname.startsWith('/bridge') ||
    pathname.startsWith('/auth')
  ) {
    return NextResponse.next({
      request: {
        headers: requestHeaders,
      },
    });
  }

  // 5. Auth Check (existence)
  // For all other routes, check for is the auth creds exists or not.
  const hasSession = request.cookies.has('auth_sid') && request.cookies.has('auth_skey');
  const hasAccount = request.cookies.has('auth_aid');

  if (!hasSession || !hasAccount) {
    const url = request.nextUrl.clone();
    url.pathname = '/auth/start';
    if (pathname !== '/') {
      const backTo = pathname + request.nextUrl.search;
      url.searchParams.set('redirects', backTo);
      request.nextUrl.searchParams.forEach((value, key) => {
        if (key !== 'redirects') {
          url.searchParams.set(key, value);
        }
      });
    }
    return NextResponse.redirect(url);
  }

  // 6. Continue
  return NextResponse.next({
    request: {
      headers: requestHeaders,
    },
  });
}

export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     */
    '/((?!_next/static|_next/image|favicon.ico).*)',
  ],
};