gitadmin/ArchiTools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f1f4dc097e8d538a70592050dddf515ea3da4540
ArchiTools/src/middleware.ts
T
AI Assistant f1f4dc097e fix(portal): full-screen overlay + redirect portal-only users 
Portal layout: removed conflicting (portal)/layout.tsx that had
duplicate html/body tags. Portal page now uses fixed overlay
(z-[100]) that covers the entire screen including sidebar.

Middleware: portal-only users (dan.tiurbe) are automatically
redirected from any non-portal route to /portal. They can still
access /api/ and /auth/ routes normally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 00:49:44 +02:00

64 lines
2.3 KiB
TypeScript
Raw Blame History

import { getToken } from "next-auth/jwt";
import { NextRequest, NextResponse } from "next/server";
export async function middleware(request: NextRequest) {
// In development, skip auth enforcement (dev stub user handles it)
if (process.env.NODE_ENV === "development") {
return NextResponse.next();
}
const token = await getToken({
req: request,
secret: process.env.NEXTAUTH_SECRET,
});
// Authenticated — check for portal-only users
if (token) {
const { pathname } = request.nextUrl;
// Portal-only users: redirect to /portal when accessing main app
const portalUsers = ["dan.tiurbe", "tiurbe"];
const tokenEmail = String(token.email ?? "").toLowerCase();
const tokenName = String(token.name ?? "").toLowerCase();
const isPortalUser = portalUsers.some(
(u) => tokenEmail.includes(u) || tokenName.includes(u),
);
if (isPortalUser && !pathname.startsWith("/portal") && !pathname.startsWith("/api/") && !pathname.startsWith("/auth/")) {
const baseUrl = process.env.NEXTAUTH_URL || "https://tools.beletage.ro";
return NextResponse.redirect(new URL("/portal", baseUrl));
}
return NextResponse.next();
}
const { pathname } = request.nextUrl;
// API routes: return 401 JSON instead of redirect
if (pathname.startsWith("/api/")) {
return NextResponse.json(
{ error: "Authentication required" },
{ status: 401 },
);
}
// Use NEXTAUTH_URL as base (request.url uses container's internal 0.0.0.0:3000)
const baseUrl = process.env.NEXTAUTH_URL || "https://tools.beletage.ro";
const callbackUrl = `${baseUrl}${pathname}${request.nextUrl.search}`;
// Redirect to custom sign-in page (auto-forwards to Authentik)
const signInUrl = new URL("/auth/signin", baseUrl);
signInUrl.searchParams.set("callbackUrl", callbackUrl);
return NextResponse.redirect(signInUrl);
}
export const config = {
matcher: [
/*
* Match all paths EXCEPT:
* - /api/auth/* (NextAuth endpoints — must be public for login flow)
* - /_next/* (Next.js internals: static files, HMR, chunks)
* - /favicon.ico, /robots.txt, /sitemap.xml
* - Files with extensions (images, fonts, etc.)
*/
"/((?!api/auth|api/notifications/digest|api/compress-pdf|api/address-book|api/projects|auth/signin|_next|favicon\\.ico|robots\\.txt|sitemap\\.xml|.*\\..*).*)",
],
};
Reference in New Issue View Git Blame Copy Permalink