Skip to content

Commit

Permalink
Merge branch 'main' into review-packs
Browse files Browse the repository at this point in the history
  • Loading branch information
@Woofer21
Woofer21 committed Dec 26, 2024
2 parents 9b180c1 + ffd00d3 commit a0ec9b3
Showing 1 changed file with 102 additions and 111 deletions.
213 changes: 102 additions & 111 deletions middleware.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,126 +3,117 @@ import { getAuthTokenOrNull } from '@/helpers/oauth/helpers'
import { type NextRequest, NextResponse } from 'next/server'
import ALLOWED_ADMIN_IDS from './data/reviewers.json'

type RouteConfig = {
requiresAuth: boolean
requiresAdmin: boolean
rateLimitType?: 'default' | 'create' | null
}

const ROUTE_CONFIGS: Record<string, RouteConfig> = {
'/api/packs': {
requiresAuth: false,
requiresAdmin: false,
rateLimitType: 'default'
},
'/api/packs/create': {
requiresAuth: true,
requiresAdmin: false,
rateLimitType: 'create'
},
'/api/packs/review': {
requiresAuth: true,
requiresAdmin: true,
rateLimitType: null
},
'/packs/create': {
requiresAuth: true,
requiresAdmin: false,
rateLimitType: null
},
'/packs/review': {
requiresAuth: true,
requiresAdmin: true,
rateLimitType: null
}
}

export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl
const method = request.method
const ip = request.ip ?? '127.0.0.1'

const routeConfig = Object.entries(ROUTE_CONFIGS).find(([route]) =>
pathname.startsWith(route)
)?.[1] ?? {
requiresAuth: true,
requiresAdmin: false,
rateLimitType: null
}
const { pathname } = request.nextUrl
const method = request.method
const ip = request.ip ?? '127.0.0.1'
const authToken = await getAuthTokenOrNull(
request.headers.get('Authorization') ?? undefined
)

if (method === 'GET' && !routeConfig.requiresAuth) {
if (routeConfig.rateLimitType === 'default') {
const { success } = await defaultRateLimiter.limit(ip)
if (!success) {
return NextResponse.json(
{
success: false,
error: 'Rate limit exceeded, please wait a bit before trying again!'
},
{ status: 429 }
)
}
}
return NextResponse.next()
}
switch (pathname) {
case '/packs/create': {
if (!authToken) {
const url = request.nextUrl.clone()
url.pathname = '/login'
return NextResponse.rewrite(url)
}
return NextResponse.next()
}

const authToken = await getAuthTokenOrNull(
request.headers.get('Authorization') ?? undefined
)
case '/packs/review': {
if (!authToken) {
const url = request.nextUrl.clone()
url.pathname = '/login'
return NextResponse.rewrite(url)
}

if (!ALLOWED_ADMIN_IDS.includes(authToken.payload.id)) {
return NextResponse.json(
{ success: false, error: 'Forbidden - Admin access required' },
{ status: 403 }
)
}
return NextResponse.next()
}

if (routeConfig.requiresAuth && !authToken) {
if (pathname.includes('/packs/')) {
const url = request.nextUrl.clone()
url.pathname = '/login'
return NextResponse.rewrite(url)
}
return NextResponse.json(
{ success: false, error: 'Unauthorized' },
{ status: 401 }
)
}
case '/api/packs/create': {
if (!authToken) {
return NextResponse.json(
{ success: false, error: 'Unauthorized' },
{ status: 401 }
)
}

if (routeConfig.requiresAdmin && authToken) {
const userId = authToken.payload.id
if (!ALLOWED_ADMIN_IDS.includes(userId)) {
return NextResponse.json(
{ success: false, error: 'Forbidden - Admin access required' },
{ status: 403 }
)
}
}
if (method === 'POST') {
const { success: successID } = await createRateLimiter.limit(
authToken.payload.id
)
const { success: successIP } = await createRateLimiter.limit(ip)

if (!successID || !successIP) {
return NextResponse.json(
{
success: false,
error: 'Rate limit exceeded, please wait a bit before trying again!'
},
{ status: 429 }
)
}
}
return NextResponse.next()
}

if (
method === 'POST' &&
routeConfig.rateLimitType === 'create' &&
authToken
) {
const { success: successID } = await createRateLimiter.limit(
authToken.payload.id
)
const { success: successIP } = await createRateLimiter.limit(ip)
case '/api/packs/review': {
if (!authToken) {
return NextResponse.json(
{ success: false, error: 'Unauthorized' },
{ status: 401 }
)
}

if (!successID || !successIP) {
return NextResponse.json(
{
success: false,
error: 'Rate limit exceeded, please wait a bit before trying again!'
},
{ status: 429 }
)
}
}
if (!ALLOWED_ADMIN_IDS.includes(authToken.payload.id)) {
return NextResponse.json(
{ success: false, error: 'Forbidden - Admin access required' },
{ status: 403 }
)
}
return NextResponse.next()
}

return NextResponse.next()
default: {
// Handle /api/packs and other routes
if (pathname.startsWith('/api/packs')) {
if (method === 'GET') {
const { success } = await defaultRateLimiter.limit(ip)
if (!success) {
return NextResponse.json(
{
success: false,
error: 'Rate limit exceeded, please wait a bit before trying again!'
},
{ status: 429 }
)
}
} else if (!authToken) {
return NextResponse.json(
{ success: false, error: 'Unauthorized' },
{ status: 401 }
)
}
}
return NextResponse.next()
}
}
}

export const config = {
matcher: [
'/packs/create',
'/api/packs/review',
'/api/packs',
'/api/packs/:path*',
'/api/packs/review/:path*',
'/packs/review'
]
matcher: [
'/packs/create',
'/api/packs/review',
'/api/packs',
'/api/packs/:path*',
'/api/packs/review/:path*',
'/packs/review'
]
}

0 comments on commit a0ec9b3

Please sign in to comment.