import { NextRequest, NextResponse } from 'next/server';
import { jwtVerify } from 'jose';
import { validateEnvVars } from '@/lib/config/env';
// Validate environment variables once, when this module is first loaded.
validateEnvVars();
// Name of the cookie that carries the session token read by the middleware.
const COOKIE_NAME = 'pollo_session';
/**
 * Session gate for the authenticated areas of the app.
 *
 * Paths starting with `/api`, and paths starting with neither `/dashboard`
 * nor `/lists`, pass through untouched. For every other path the session
 * cookie must hold a JWT that verifies against `JWT_SECRET` and carries a
 * truthy `workspaceId` claim; any other outcome is a redirect to `/access`.
 *
 * @param request - Incoming request.
 * @returns `NextResponse.next()` when the request may proceed, otherwise a
 *   redirect to `/access`.
 */
export async function middleware(request: NextRequest) {
  const path = request.nextUrl.pathname;

  // Every rejection ends at the same place, so the redirect is built once.
  const sendToAccess = () => NextResponse.redirect(new URL('/access', request.url));

  // Paths starting with /api are let through without any session check here.
  // NOTE(review): confirm every /api handler authenticates on its own.
  const isApiRoute = path.startsWith('/api');
  const isGuardedRoute = path.startsWith('/dashboard') || path.startsWith('/lists');
  if (isApiRoute || !isGuardedRoute) {
    return NextResponse.next();
  }

  const sessionToken = request.cookies.get(COOKIE_NAME)?.value;
  if (!sessionToken) {
    // No session cookie at all.
    return sendToAccess();
  }

  try {
    const rawSecret = process.env.JWT_SECRET;
    if (!rawSecret) {
      // Thrown inside the try so that a missing secret fails closed: it ends
      // in the same redirect as a bad token, and nothing is logged.
      throw new Error('JWT_SECRET not configured');
    }

    // The secret is handed to jwtVerify as raw bytes and no options are passed.
    // NOTE(review): consider pinning the expected algorithm via the
    // `algorithms` option; confirm the value against the code that signs.
    // NOTE(review): nothing here requires an `exp` claim; confirm the issuer
    // always sets an expiry.
    const { payload } = await jwtVerify(sessionToken, new TextEncoder().encode(rawSecret));

    // The cast is compile-time only; at runtime just truthiness is checked.
    const claims = payload as { workspaceId?: string };
    if (!claims.workspaceId) {
      throw new Error('Invalid token payload');
    }

    // Signature verified and workspaceId present: let the request through.
    return NextResponse.next();
  } catch {
    // Verification failure, bad payload, or missing secret.
    return sendToAccess();
  }
}
// Paths on which this middleware runs: /dashboard and /lists, including
// everything nested below them.
// NOTE(review): /api is not listed here, so the `/api` early return inside
// middleware() looks unreachable for matched requests; confirm which of the
// two filters is meant to be authoritative.
export const config = {
matcher: ['/dashboard/:path*', '/lists/:path*'],
};