link-stack/apps/link/middleware.ts

import { NextResponse } from 'next/server';
import { withAuth, NextRequestWithAuth } from "next-auth/middleware";

const rewriteURL = (request: NextRequestWithAuth, originBaseURL: string, destinationBaseURL: string, headers: any = {}) => {
  if (request.nextUrl.protocol.startsWith('ws')) {
    return NextResponse.next();
  }

  if (request.nextUrl.pathname.includes('/_next/static/development/')) {
    return NextResponse.next();
  }

  const destinationURL = request.url.replace(originBaseURL, destinationBaseURL);
  console.log(`Rewriting ${request.url} to ${destinationURL}`);

  const requestHeaders = new Headers(request.headers);
  for (const [key, value] of Object.entries(headers)) {
    // @ts-ignore
    requestHeaders.set(key, value);
  }

  requestHeaders.delete('connection');

  return NextResponse.rewrite(new URL(destinationURL), { request: { headers: requestHeaders } });
};

const checkRewrites = async (request: NextRequestWithAuth) => {
  const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";
  const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
  const leafcutterURL = process.env.LEAFCUTTER_URL ?? "https://lc.digiresilience.org";
  const metamigoURL = process.env.METAMIGO_URL ?? "http://metamigo-frontend:3000";
  const labelStudioURL = process.env.LABEL_STUDIO_URL ?? "http://label-studio:8080";

  if (request.nextUrl.pathname.startsWith('/proxy/leafcutter')) {
    const headers = { 'X-Leafcutter-Embedded': "true" };
    return rewriteURL(request, `${linkBaseURL}/proxy/leafcutter`, leafcutterURL, headers);
  } else if (request.nextUrl.pathname.startsWith('/proxy/metamigo')) {
    return rewriteURL(request, `${linkBaseURL}/proxy/metamigo`, metamigoURL);
  } else if (request.nextUrl.pathname.startsWith('/proxy/label-studio')) {
    return rewriteURL(request, `${linkBaseURL}/proxy/label-studio`, labelStudioURL);
  } else if (request.nextUrl.pathname.startsWith('/proxy/zammad')) {
    const { token } = request.nextauth;
    const headers = { 'X-Forwarded-User': token.email.toLowerCase() };
    return rewriteURL(request, `${linkBaseURL}/proxy/zammad`, zammadURL, headers);
  } else if (request.nextUrl.pathname.startsWith('/proxy/api')) {
    return rewriteURL(request, `${linkBaseURL}/proxy`, zammadURL);
  } else if (request.nextUrl.pathname.startsWith('/api/v1')) {
    return rewriteURL(request, linkBaseURL, zammadURL);
  }
};

export default withAuth(
  checkRewrites,
  {
    pages: {
      signIn: `/login`,
    },
    callbacks: {
      authorized: ({ token, req }) => {
        const {
          url,
        } = req;

        // check login page
        const parsedURL = new URL(url);
        if (parsedURL.pathname.startsWith('/login')) {
          return true;
        }

        // check session auth
        const authorizedDomains = ["redaranj.com", "digiresilience.org", "sr2.uk"];
        const userDomain = token?.email?.toLowerCase().split("@").pop() ?? "unauthorized.net";

        if (authorizedDomains.includes(userDomain)) {
          return true;
        }

        return false;
      },
    }
  }
);
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`import { NextResponse } from 'next/server';`
Changes from live 2023-06-05 14:48:23 +00:00			`import { withAuth, NextRequestWithAuth } from "next-auth/middleware";`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00
Update and fix missing dependencies 2023-06-14 06:33:06 +00:00			`const rewriteURL = (request: NextRequestWithAuth, originBaseURL: string, destinationBaseURL: string, headers: any = {}) => {`
Cleanup live changes 2023-06-05 15:00:46 +00:00			`if (request.nextUrl.protocol.startsWith('ws')) {`
			`return NextResponse.next();`
			`}`

Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`if (request.nextUrl.pathname.includes('/_next/static/development/')) {`
			`return NextResponse.next();`
			`}`

			`const destinationURL = request.url.replace(originBaseURL, destinationBaseURL);`
			console.log(`Rewriting ${request.url} to ${destinationURL}`);

Cleanup live changes 2023-06-05 15:00:46 +00:00			`const requestHeaders = new Headers(request.headers);`
			`for (const [key, value] of Object.entries(headers)) {`
			`// @ts-ignore`
			`requestHeaders.set(key, value);`
			`}`
Changes from live 2023-06-05 14:48:23 +00:00
Cleanup live changes 2023-06-05 15:00:46 +00:00			`requestHeaders.delete('connection');`
Changes from live 2023-06-05 14:48:23 +00:00
			`return NextResponse.rewrite(new URL(destinationURL), { request: { headers: requestHeaders } });`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`};`

Changes from live 2023-06-05 14:48:23 +00:00			`const checkRewrites = async (request: NextRequestWithAuth) => {`
Cleanup live changes 2023-06-05 15:00:46 +00:00			`const linkBaseURL = process.env.LINK_URL ?? "http://localhost:3000";`
			`const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";`
Updates for Zammad 6 2023-07-11 10:05:52 +00:00			`const leafcutterURL = process.env.LEAFCUTTER_URL ?? "https://lc.digiresilience.org";`
			`const metamigoURL = process.env.METAMIGO_URL ?? "http://metamigo-frontend:3000";`
Middleware proxy updates 2023-07-21 12:26:02 +00:00			`const labelStudioURL = process.env.LABEL_STUDIO_URL ?? "http://label-studio:8080";`
Changes from live 2023-06-05 14:48:23 +00:00
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`if (request.nextUrl.pathname.startsWith('/proxy/leafcutter')) {`
Docker Compose refactoring 2023-06-21 12:48:07 +00:00			`const headers = { 'X-Leafcutter-Embedded': "true" };`
Middleware proxy updates 2023-07-21 12:26:02 +00:00			return rewriteURL(request, `${linkBaseURL}/proxy/leafcutter`, leafcutterURL, headers);
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`} else if (request.nextUrl.pathname.startsWith('/proxy/metamigo')) {`
Middleware proxy updates 2023-07-21 12:26:02 +00:00			return rewriteURL(request, `${linkBaseURL}/proxy/metamigo`, metamigoURL);
			`} else if (request.nextUrl.pathname.startsWith('/proxy/label-studio')) {`
			return rewriteURL(request, `${linkBaseURL}/proxy/label-studio`, labelStudioURL);
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`} else if (request.nextUrl.pathname.startsWith('/proxy/zammad')) {`
Changes from live 2023-06-05 14:48:23 +00:00			`const { token } = request.nextauth;`
Middleware proxy updates 2023-07-21 12:26:02 +00:00			`const headers = { 'X-Forwarded-User': token.email.toLowerCase() };`
Changes from live 2023-06-05 14:48:23 +00:00			return rewriteURL(request, `${linkBaseURL}/proxy/zammad`, zammadURL, headers);
			`} else if (request.nextUrl.pathname.startsWith('/proxy/api')) {`
			return rewriteURL(request, `${linkBaseURL}/proxy`, zammadURL);
Middleware proxy updates 2023-07-21 12:26:02 +00:00			`} else if (request.nextUrl.pathname.startsWith('/api/v1')) {`
			`return rewriteURL(request, linkBaseURL, zammadURL);`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`}`
			`};`
Build and type fixes 2023-05-24 20:27:57 +00:00
			`export default withAuth(`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`checkRewrites,`
Build and type fixes 2023-05-24 20:27:57 +00:00			`{`
			`pages: {`
			signIn: `/login`,
			`},`
			`callbacks: {`
			`authorized: ({ token, req }) => {`
			`const {`
			`url,`
			`} = req;`

			`// check login page`
			`const parsedURL = new URL(url);`
			`if (parsedURL.pathname.startsWith('/login')) {`
			`return true;`
			`}`

			`// check session auth`
Add SR2 to domain allow list 2023-07-19 14:02:08 +00:00			`const authorizedDomains = ["redaranj.com", "digiresilience.org", "sr2.uk"];`
Build and type fixes 2023-05-24 20:27:57 +00:00			`const userDomain = token?.email?.toLowerCase().split("@").pop() ?? "unauthorized.net";`

Make all versions of next and react match 2023-05-25 06:30:36 +00:00			`if (authorizedDomains.includes(userDomain)) {`
			`return true;`
			`}`

Build and type fixes 2023-05-24 20:27:57 +00:00			`return false;`
			`},`
			`}`
			`}`
			`);`