link-stack/apps/link/middleware.ts

import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { withAuth } from "next-auth/middleware";
import { getToken } from "next-auth/jwt";

const rewriteURL = (request: NextRequest, originBaseURL: string, destinationBaseURL: string, headers: any = {}) => {
  if (request.nextUrl.pathname.includes('/_next/static/development/')) {
    return NextResponse.next();
  }

  const destinationURL = request.url.replace(originBaseURL, destinationBaseURL);
  console.log(`Rewriting ${request.url} to ${destinationURL}`);

  return NextResponse.rewrite(new URL(destinationURL), { ...request.headers, ...headers });
};

const checkRewrites = async (request: NextRequest) => {
  if (request.nextUrl.pathname.startsWith('/proxy/leafcutter')) {
    return rewriteURL(request, process.env.LINK_URL, process.env.LEAFCUTTER_URL);
  } else if (request.nextUrl.pathname.startsWith('/proxy/metamigo')) {
    return rewriteURL(request, process.env.LINK_URL, process.env.METAMIGO_URL);
  } else if (request.nextUrl.pathname.startsWith('/proxy/zammad')) {
    const session = await getToken({
      req: request,
      secret: process.env.NEXTAUTH_SECRET,
    });
    const headers = {
      'X-Forwarded-User': session.email.toLowerCase(),
      host: 'zammad.example.com'
    };

    return rewriteURL(request, `${process.env.LINK_URL}/proxy/zammad`, process.env.ZAMMAD_URL, headers);
  } else if (request.nextUrl.pathname.startsWith('/assets')) {
    console.log('asset');
    return rewriteURL(request, `${process.env.LINK_URL}`, process.env.ZAMMAD_URL);
  } else if (request.nextUrl.pathname.startsWith('/proxy/assets') || request.nextUrl.pathname.startsWith('/proxy/api')) {
    console.log('proxy asset');
    return rewriteURL(request, `${process.env.LINK_URL}/proxy`, process.env.ZAMMAD_URL);
  }
};

export default withAuth(
  checkRewrites,
  {
    pages: {
      signIn: `/login`,
    },
    callbacks: {
      authorized: ({ token, req }) => {
        const {
          url,
          headers,
        } = req;

        // check login page
        const parsedURL = new URL(url);
        if (parsedURL.pathname.startsWith('/login')) {
          return true;
        }

        // check session auth
        const authorizedDomains = ["redaranj.com", "digiresilience.org"];
        const userDomain = token?.email?.toLowerCase().split("@").pop() ?? "unauthorized.net";

        if (authorizedDomains.includes(userDomain)) {
          return true;
        }

        return false;
      },
    }
  }
);
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`import { NextResponse } from 'next/server';`
			`import type { NextRequest } from 'next/server';`
Build and type fixes 2023-05-24 20:27:57 +00:00			`import { withAuth } from "next-auth/middleware";`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`import { getToken } from "next-auth/jwt";`

			`const rewriteURL = (request: NextRequest, originBaseURL: string, destinationBaseURL: string, headers: any = {}) => {`
			`if (request.nextUrl.pathname.includes('/_next/static/development/')) {`
			`return NextResponse.next();`
			`}`

			`const destinationURL = request.url.replace(originBaseURL, destinationBaseURL);`
			console.log(`Rewriting ${request.url} to ${destinationURL}`);

			`return NextResponse.rewrite(new URL(destinationURL), { ...request.headers, ...headers });`
			`};`

			`const checkRewrites = async (request: NextRequest) => {`
			`if (request.nextUrl.pathname.startsWith('/proxy/leafcutter')) {`
			`return rewriteURL(request, process.env.LINK_URL, process.env.LEAFCUTTER_URL);`
			`} else if (request.nextUrl.pathname.startsWith('/proxy/metamigo')) {`
			`return rewriteURL(request, process.env.LINK_URL, process.env.METAMIGO_URL);`
			`} else if (request.nextUrl.pathname.startsWith('/proxy/zammad')) {`
			`const session = await getToken({`
			`req: request,`
			`secret: process.env.NEXTAUTH_SECRET,`
			`});`
			`const headers = {`
			`'X-Forwarded-User': session.email.toLowerCase(),`
			`host: 'zammad.example.com'`
			`};`

			return rewriteURL(request, `${process.env.LINK_URL}/proxy/zammad`, process.env.ZAMMAD_URL, headers);
			`} else if (request.nextUrl.pathname.startsWith('/assets')) {`
			`console.log('asset');`
			return rewriteURL(request, `${process.env.LINK_URL}`, process.env.ZAMMAD_URL);
			`} else if (request.nextUrl.pathname.startsWith('/proxy/assets') \|\| request.nextUrl.pathname.startsWith('/proxy/api')) {`
			`console.log('proxy asset');`
			return rewriteURL(request, `${process.env.LINK_URL}/proxy`, process.env.ZAMMAD_URL);
			`}`
			`};`
Build and type fixes 2023-05-24 20:27:57 +00:00
			`export default withAuth(`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00			`checkRewrites,`
Build and type fixes 2023-05-24 20:27:57 +00:00			`{`
			`pages: {`
			signIn: `/login`,
			`},`
			`callbacks: {`
			`authorized: ({ token, req }) => {`
			`const {`
			`url,`
			`headers,`
			`} = req;`

			`// check login page`
			`const parsedURL = new URL(url);`
			`if (parsedURL.pathname.startsWith('/login')) {`
			`return true;`
			`}`

			`// check session auth`
			`const authorizedDomains = ["redaranj.com", "digiresilience.org"];`
			`const userDomain = token?.email?.toLowerCase().split("@").pop() ?? "unauthorized.net";`

Make all versions of next and react match 2023-05-25 06:30:36 +00:00			`if (authorizedDomains.includes(userDomain)) {`
			`return true;`
			`}`

Build and type fixes 2023-05-24 20:27:57 +00:00			`return false;`
			`},`
			`}`
			`}`
			`);`
Use NextJS middleware for proxying 2023-05-30 09:05:40 +00:00