139 lines
3.7 KiB
TypeScript
139 lines
3.7 KiB
TypeScript
import { type NextMiddleware, NextResponse } from "next/server"
|
|
|
|
import { findLang } from "@/constants/languages"
|
|
import {
|
|
loyaltyPagesWebviews,
|
|
myPagesWebviews,
|
|
refreshWebviews,
|
|
webviews,
|
|
} from "@/constants/routes/webviews"
|
|
import { env } from "@/env/server"
|
|
import { badRequest, notFound } from "@/server/errors/next"
|
|
|
|
import { decryptData } from "@/utils/aes"
|
|
import { resolve as resolveEntry } from "@/utils/entry"
|
|
|
|
import { getDefaultRequestHeaders } from "./utils"
|
|
|
|
import type { MiddlewareMatcher } from "@/types/middleware"
|
|
|
|
export const middleware: NextMiddleware = async (request) => {
|
|
const { nextUrl } = request
|
|
const lang = findLang(nextUrl.pathname)
|
|
|
|
// If user is redirected to /lang/webview/refresh/, the webview token is invalid and we remove the cookie
|
|
if (refreshWebviews.includes(nextUrl.pathname)) {
|
|
return NextResponse.rewrite(
|
|
new URL(
|
|
`/${lang}/webview/refresh?${nextUrl.searchParams.toString()}`,
|
|
nextUrl
|
|
),
|
|
{
|
|
headers: {
|
|
"Set-Cookie": `webviewToken=0; Max-Age=0; Secure; HttpOnly; Path=/; SameSite=Strict;`,
|
|
},
|
|
}
|
|
)
|
|
}
|
|
|
|
const pathNameWithoutLang = nextUrl.pathname.replace(`/${lang}/webview`, "")
|
|
|
|
const { uid } = await resolveEntry(pathNameWithoutLang, lang)
|
|
if (!uid) {
|
|
throw notFound(
|
|
`Unable to resolve CMS entry for locale "${lang}": ${pathNameWithoutLang}`
|
|
)
|
|
}
|
|
const headers = getDefaultRequestHeaders(request)
|
|
headers.set("x-uid", uid)
|
|
|
|
const webviewToken = request.cookies.get("webviewToken")
|
|
if (webviewToken) {
|
|
// since the token exists, this is a subsequent visit
|
|
// we're done, allow it
|
|
if (myPagesWebviews.includes(nextUrl.pathname)) {
|
|
return NextResponse.rewrite(
|
|
new URL(`/${lang}/webview/account-page/${uid}`, nextUrl),
|
|
{
|
|
request: {
|
|
headers,
|
|
},
|
|
}
|
|
)
|
|
} else if (loyaltyPagesWebviews.includes(nextUrl.pathname)) {
|
|
return NextResponse.rewrite(
|
|
new URL(`/${lang}/webview/loyalty-page/${uid}`, nextUrl),
|
|
{
|
|
request: {
|
|
headers,
|
|
},
|
|
}
|
|
)
|
|
} else {
|
|
return notFound()
|
|
}
|
|
}
|
|
|
|
try {
|
|
// Authorization header is required for webviews
|
|
// It should be base64 encoded
|
|
const authorization = request.headers.get("Authorization")!
|
|
if (!authorization) {
|
|
console.error("Authorization header is missing")
|
|
return badRequest()
|
|
}
|
|
|
|
// Initialization vector header is required for webviews
|
|
// It should be base64 encoded
|
|
const initializationVector = request.headers.get("X-AES-IV")!
|
|
if (!initializationVector) {
|
|
console.error("initializationVector header is missing")
|
|
return badRequest()
|
|
}
|
|
|
|
const decryptedData = await decryptData(
|
|
env.WEBVIEW_ENCRYPTION_KEY,
|
|
initializationVector,
|
|
authorization
|
|
)
|
|
|
|
headers.set(
|
|
"Set-Cookie",
|
|
`webviewToken=${decryptedData}; Secure; HttpOnly; Path=/; SameSite=Strict;`
|
|
)
|
|
headers.set("Cookie", `webviewToken=${decryptedData}`)
|
|
|
|
if (myPagesWebviews.includes(nextUrl.pathname)) {
|
|
return NextResponse.rewrite(
|
|
new URL(`/${lang}/webview/account-page/${uid}`, nextUrl),
|
|
{
|
|
request: {
|
|
headers,
|
|
},
|
|
}
|
|
)
|
|
} else if (loyaltyPagesWebviews.includes(nextUrl.pathname)) {
|
|
return NextResponse.rewrite(
|
|
new URL(`/${lang}/webview/loyalty-page/${uid}`, nextUrl),
|
|
{
|
|
request: {
|
|
headers,
|
|
},
|
|
}
|
|
)
|
|
}
|
|
} catch (e) {
|
|
if (e instanceof Error) {
|
|
console.error(`${e.name}: ${e.message}`)
|
|
}
|
|
|
|
return badRequest()
|
|
}
|
|
}
|
|
|
|
export const matcher: MiddlewareMatcher = (request) => {
|
|
const { nextUrl } = request
|
|
|
|
return webviews.includes(nextUrl.pathname)
|
|
}
|