refactor: handle authentication state in middleware

2023-02-04 18:12:49 +01:00
parent 064ef38d78
commit 4e840ecd29
17 changed files with 511 additions and 474 deletions
--- a/frontend/src/middleware.ts
+++ b/frontend/src/middleware.ts
@@ -0,0 +1,111 @@
+import jwtDecode from "jwt-decode";
+import { NextRequest, NextResponse } from "next/server";
+import configService from "./services/config.service";
+
+// This middleware redirects based on different conditions:
+// - Authentication state
+// - Setup status
+// - Admin privileges
+
+export const config = {
+  matcher: "/((?!api|static|.*\\..*|_next).*)",
+};
+
+export async function middleware(request: NextRequest) {
+  // Get config from backend
+  const config = await (
+    await fetch("http://localhost:8080/api/configs")
+  ).json();
+
+  const getConfig = (key: string) => {
+    return configService.get(key, config);
+  };
+
+  const containsRoute = (routes: string[], url: string) => {
+    for (const route of routes) {
+      if (new RegExp("^" + route.replace(/\*/g, ".*") + "$").test(url))
+        return true;
+    }
+    return false;
+  };
+
+  const route = request.nextUrl.pathname;
+  let user: { isAdmin: boolean } | null = null;
+  const accessToken = request.cookies.get("access_token")?.value;
+
+  try {
+    const claims = jwtDecode<{ exp: number; isAdmin: boolean }>(
+      accessToken as string
+    );
+    if (claims.exp * 1000 > Date.now()) {
+      user = claims;
+    }
+  } catch {
+    user = null;
+  }
+
+  const unauthenticatedRoutes = ["/auth/signIn", "/"];
+  let publicRoutes = ["/share/*", "/upload/*"];
+  const setupStatusRegisteredRoutes = ["/auth/*", "/admin/setup"];
+  const adminRoutes = ["/admin/*"];
+  const accountRoutes = ["/account/*"];
+
+  if (getConfig("ALLOW_REGISTRATION")) {
+    unauthenticatedRoutes.push("/auth/signUp");
+  }
+
+  if (getConfig("ALLOW_UNAUTHENTICATED_SHARES")) {
+    publicRoutes = ["*"];
+  }
+
+  const isPublicRoute = containsRoute(publicRoutes, route);
+  const isUnauthenticatedRoute = containsRoute(unauthenticatedRoutes, route);
+  const isAdminRoute = containsRoute(adminRoutes, route);
+  const isAccountRoute = containsRoute(accountRoutes, route);
+  const isSetupStatusRegisteredRoute = containsRoute(
+    setupStatusRegisteredRoutes,
+    route
+  );
+
+  // prettier-ignore
+  const rules = [
+    // Setup status
+    {
+      condition: getConfig("SETUP_STATUS") == "STARTED" && route != "/auth/signUp",
+      path: "/auth/signUp",
+    },
+    {
+      condition: getConfig("SETUP_STATUS") == "REGISTERED" && !isSetupStatusRegisteredRoute,
+      path: user ? "/admin/setup" : "/auth/signIn",
+    },
+     // Authenticated state
+     {
+      condition: user && isUnauthenticatedRoute,
+      path: "/upload",
+    },
+    // Unauthenticated state
+    {
+      condition: !user && !isPublicRoute && !isUnauthenticatedRoute,
+      path: "/auth/signIn",
+    },
+    {
+      condition: !user && isAccountRoute,
+      path: "/upload",
+    },
+    // Admin privileges
+    {
+      condition: isAdminRoute && !user?.isAdmin,
+      path: "/upload",
+    },
+    // Home page
+    {
+      condition: (!getConfig("SHOW_HOME_PAGE") || user) && route == "/",
+      path: "/upload",
+    },
+  ];
+
+  for (const rule of rules) {
+    if (rule.condition)
+      return NextResponse.redirect(new URL(rule.path, request.url));
+  }
+}