forked from sininspira2/ResourceTracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmiddleware.ts
More file actions
54 lines (48 loc) · 1.4 KB
/
middleware.ts
File metadata and controls
54 lines (48 loc) · 1.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import { withAuth } from "next-auth/middleware";
import {
hasResourceAccess,
hasUserManagementAccess,
} from "./lib/discord-roles";
// Define a type for the token's permissions for clarity
interface TokenPermissions {
hasResourceAccess?: boolean;
hasUserManagementAccess?: boolean;
}
export default withAuth({
callbacks: {
authorized: ({ token, req }) => {
if (!token) {
return false;
}
const { pathname } = req.nextUrl;
const permissions = token.permissions as TokenPermissions | undefined;
// New logic for agent-based auth (direct permissions)
if (permissions) {
if (
pathname.startsWith("/users") ||
pathname.startsWith("/api/users")
) {
return permissions.hasUserManagementAccess ?? false;
}
return permissions.hasResourceAccess ?? false;
}
// Fallback to original logic for Discord-based auth (role-based)
const userRoles = (token.userRoles as string[]) || [];
if (pathname.startsWith("/users") || pathname.startsWith("/api/users")) {
return hasUserManagementAccess(userRoles);
}
return hasResourceAccess(userRoles);
},
},
});
export const config = {
matcher: [
"/dashboard/:path*",
"/resources/:path*",
"/users/:path*",
"/api/resources/:path*",
"/api/user/:path*",
"/api/users/:path*",
"/api/internal/:path*",
],
};