-
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathproxy.ts
More file actions
51 lines (42 loc) · 1.48 KB
/
proxy.ts
File metadata and controls
51 lines (42 loc) · 1.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { proxyAuthCheck } from "@/lib/auth";
import { isDemoMode } from "@/lib/demo";
// HTTP methods that modify data
const MUTATION_METHODS = ["POST", "PUT", "DELETE", "PATCH"];
// API routes allowed even in demo mode
const DEMO_ALLOWED_ROUTES = ["/api/auth/login", "/api/auth/logout", "/api/auth/status"];
export function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
// Skip static assets - anything with a file extension except .json
if (pathname.match(/\.\w+$/) && !pathname.endsWith('.json')) {
return NextResponse.next();
}
// Skip Next.js internals
if (pathname.startsWith('/_next')) {
return NextResponse.next();
}
// Demo mode: block mutation requests on API routes
if (isDemoMode() && MUTATION_METHODS.includes(request.method) && pathname.startsWith("/api/")) {
// Allow whitelisted routes
if (DEMO_ALLOWED_ROUTES.some((route) => pathname.startsWith(route))) {
return NextResponse.next();
}
// Block all other mutations with a friendly error
return NextResponse.json(
{
error: "This is a read-only demo. Changes are not saved.",
demo: true,
},
{ status: 403 }
);
}
const authResult = proxyAuthCheck(request);
if (authResult) {
return authResult;
}
return NextResponse.next();
}
export const config = {
matcher: '/:path*', // Match everything, exclusions handled above
};