/**
 * Next.js middleware to protect admin routes.
 * - Runs for paths matched by the config `matcher` (see bottom).
 * - Checks for the `refreshToken` cookie; if it is missing, redirects to `/login` before any page renders.
 *   Only the cookie's presence is checked here; its value is not validated.
 * - No manual import/use needed—Next.js automatically executes this for matching requests.
 */
import { NextRequest, NextResponse } from 'next/server'
// TODO: move the accessToken into an HttpOnly cookie in future for better security.
//
// Names of the cookies that count as "logged in" for the middleware below.
// The backend sets `refreshToken` at login. Only its presence is tested here;
// the value is never verified in this file, so it is a hint for redirecting,
// not proof of identity.
const AUTH_COOKIES = [
  'refreshToken',
]
/**
 * Redirects requests for admin pages to `/login` when no auth cookie is present.
 *
 * A request whose path starts with `/admin` passes only if at least one cookie
 * named in `AUTH_COOKIES` has a non-empty value. All other requests pass through.
 *
 * Security note: this checks only that the cookie exists. Its value is not
 * validated here, so any non-empty cookie with that name satisfies the check.
 * Treat this as a navigation convenience. The server-side code behind the admin
 * pages must still verify the token and authorize each request; whether it does
 * is not visible in this file.
 *
 * @param req - The incoming request.
 * @returns A redirect to `/login` for an admin path with no auth cookie,
 *          otherwise `NextResponse.next()`.
 */
export function middleware(req: NextRequest) {
  const path = req.nextUrl.pathname

  // Non-admin paths are never guarded by this function.
  const isAdminRoute = path.startsWith('/admin')
  if (!isAdminRoute) {
    return NextResponse.next()
  }

  // Let the request through as soon as one auth cookie with a non-empty value is found.
  for (const cookieName of AUTH_COOKIES) {
    const cookieValue = req.cookies.get(cookieName)?.value
    if (cookieValue) {
      return NextResponse.next()
    }
  }

  // No auth cookie at all: send the visitor to the login page on the same origin.
  return NextResponse.redirect(new URL('/login', req.url))
}
/**
 * Middleware route configuration read by Next.js.
 *
 * `matcher` limits the middleware to `/admin` and the paths beneath it.
 * Pages outside this pattern are never seen by the middleware, so a new
 * protected area needs its own matcher entry.
 */
export const config = { matcher: ['/admin/:path*'] }