-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.js
More file actions
63 lines (53 loc) · 2.42 KB
/
proxy.js
File metadata and controls
63 lines (53 loc) · 2.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import { NextResponse } from 'next/server';
import db from './lib/db';
// The function is named `proxy` as per Next.js v16+ convention
export function proxy(request) {
const publicPaths = [
'/access-vault',
'/api/access-vault'
];
const pathname = request.nextUrl.pathname;
// Skip proxy for static assets
if (pathname.startsWith('/_next/') || pathname.startsWith('/static/') || pathname.endsWith('.ico') || pathname.endsWith('.css')) {
return NextResponse.next();
}
let isPinEnabled = false;
let serverSessionId = null;
try {
const pinSetting = db.prepare('SELECT value FROM settings WHERE key = ?').get('securityPinEnabled');
isPinEnabled = pinSetting?.value === 'true';
const sessionSetting = db.prepare('SELECT value FROM settings WHERE key = ?').get('server_session_id');
serverSessionId = sessionSetting?.value;
} catch (error) {
console.error('Proxy DB Error:', error);
// TEMPORARY FIX: Fail open so you can access your app.
// The DB check is failing, likely due to runtime environment issues.
isPinEnabled = false;
}
const sessionCookie = request.cookies.get('journal-session');
const isAccessingPublicPath = publicPaths.some(p => pathname.startsWith(p));
// Redirect to access-vault if PIN is enabled and:
// 1. No session cookie exists OR
// 2. Session cookie does not match current server instance (server restarted)
if (isPinEnabled && (!sessionCookie || sessionCookie.value !== serverSessionId) && !isAccessingPublicPath) {
return NextResponse.redirect(new URL('/access-vault', request.url));
}
// Redirect away from access-vault if already authenticated
if (sessionCookie && sessionCookie.value === serverSessionId && isAccessingPublicPath) {
return NextResponse.redirect(new URL('/diary', request.url));
}
return NextResponse.next();
}
// Configure which routes the proxy should run on
export const config = {
matcher: [
/*
* Match all request paths except for the ones starting with:
* - _next/static (static files)
* - _next/image (image optimization files)
* - favicon.ico, sitemap, robots (metadata files)
* - static assets (svg, png, jpg, etc.)
*/
'/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)',
],
};