46ebbbba8f
First steps towards the SAS partnership * otp flow now pretends to do the linking * Update LinkAccountForm header * Update redirect times * Clean up comments * Set maxAge on sas cookies * make all SAS routes protected * Merge remote-tracking branch 'refs/remotes/origin/feature/sas-login' into feature/sas-login * Require auth for sas link flow * Fix resend otp * Add error support to OneTimePasswordForm * Add Sentry to SAS error boundary * Move SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME * Add missing translations * Merge branch 'master' of bitbucket.org:scandic-swap/web into feature/sas-login * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * Add TooManyCodesError component * Refactor GenericError to support new errors * Add FailedAttemptsError * remove removed component <VWOScript/> * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * remove local cookie-bot reference * Fix sas campaign logo scaling * feature toggle the SAS stuff * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * fix: use env vars for SAS endpoints Approved-by: Linus Flood
70 lines
2.0 KiB
TypeScript
70 lines
2.0 KiB
TypeScript
import { headers } from "next/headers"
|
|
import { redirect } from "next/navigation"
|
|
|
|
import { overview } from "@/constants/routes/myPages"
|
|
import { getProfile } from "@/lib/trpc/memoizedRequests"
|
|
|
|
import { auth } from "@/auth"
|
|
import { getIntl } from "@/i18n"
|
|
import { getLang } from "@/i18n/serverContext"
|
|
|
|
export async function ProtectedLayout({ children }: React.PropsWithChildren) {
|
|
const intl = await getIntl()
|
|
const session = await auth()
|
|
/**
|
|
* Fallback to make sure every route nested in the
|
|
* protected route group is actually protected.
|
|
*/
|
|
const h = headers()
|
|
const redirectTo = encodeURIComponent(
|
|
h.get("x-url") ?? h.get("x-pathname") ?? overview[getLang()]
|
|
)
|
|
|
|
const redirectURL = `/${getLang()}/login?redirectTo=${redirectTo}`
|
|
|
|
if (!session) {
|
|
console.log(`[layout:protected] no session, redirecting to: ${redirectURL}`)
|
|
redirect(redirectURL)
|
|
}
|
|
|
|
const user = await getProfile()
|
|
|
|
if (user && "error" in user) {
|
|
// redirect(redirectURL)
|
|
console.error("[layout:protected] error in user", user)
|
|
console.error(
|
|
"[layout:protected] full user: ",
|
|
JSON.stringify(user, null, 4)
|
|
)
|
|
switch (user.cause) {
|
|
case "unauthorized": // fall through
|
|
case "forbidden": // fall through
|
|
case "token_expired":
|
|
console.error(
|
|
`[layout:protected] user error, redirecting to: ${redirectURL}`
|
|
)
|
|
redirect(redirectURL)
|
|
case "notfound":
|
|
console.error(`[layout:protected] notfound user loading error`)
|
|
break
|
|
case "unknown":
|
|
console.error(`[layout:protected] unknown user loading error`)
|
|
break
|
|
default:
|
|
console.error(`[layout:protected] unhandled user loading error`)
|
|
break
|
|
}
|
|
return <p>{intl.formatMessage({ id: "Something went wrong!" })}</p>
|
|
}
|
|
|
|
if (!user) {
|
|
console.error(
|
|
"[layout:protected] no user found, redirecting to: ",
|
|
redirectURL
|
|
)
|
|
redirect(redirectURL)
|
|
}
|
|
|
|
return children
|
|
}
|