-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmiddleware.ts
98 lines (89 loc) · 3.58 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { type JWTTokenPayload, getMK8Token, getMK8TokenFromAccountAPI } from "./helpers/types/JWTTokenPayload";
export async function middleware(request: NextRequest) {
const nextPathname = request.nextUrl.pathname;
const allowedPIDs: number[] = [1606041002, 1628534996]; // PretendoRambo3, PN_Rambo2 -- In addition to access_level >= 3
if (nextPathname.startsWith("/logout")) {
const url = new URL("/", request.url);
const response = NextResponse.redirect(url);
response.cookies.set("mk8_token", "", { maxAge: 0, domain: ".pretendo.network" });
response.cookies.set("access_token", "", { maxAge: 0, domain: ".pretendo.network" });
response.cookies.set("refresh_token", "", { maxAge: 0, domain: ".pretendo.network" });
response.cookies.set("token_type", "", { maxAge: 0, domain: ".pretendo.network" });
return response;
}
const hostname = request.nextUrl.hostname;
const redirect_login_url = `https://${hostname.substring(hostname.indexOf(".") + 1)}/account/login?redirect=http://${hostname}`;
var mk8_token: JWTTokenPayload | null = await getMK8Token(request);
let res;
if (!mk8_token) {
res = await getMK8TokenFromAccountAPI(request);
if (!res && nextPathname.startsWith("/admin")) {
const response = NextResponse.redirect(redirect_login_url);
if (request.cookies.has("mk8_token")) {
response.cookies.delete("mk8_token");
}
return response;
}
if (res) {
mk8_token = res.token;
}
}
if (nextPathname.startsWith("/dashboard") && !mk8_token) {
const url = new URL("/", request.url);
return NextResponse.redirect(url);
}
if (nextPathname.startsWith("/api/admin")) {
if (mk8_token) {
if (nextPathname.startsWith("/api/admin/userdata")) {
return NextResponse.next();
} else if (mk8_token.access_level >= 3 || allowedPIDs.includes(mk8_token.pid)) {
return NextResponse.next();
} else {
return new NextResponse("{}", { status: 401 });
}
} else {
return new NextResponse("{}", { status: 401 });
}
}
if (nextPathname.startsWith("/admin")) {
if (mk8_token) {
const isAdmin = mk8_token.access_level >= 3 || allowedPIDs.includes(mk8_token.pid);
if (!isAdmin) {
var response = NextResponse.redirect(new URL("/", request.url));
} else {
var response = NextResponse.next();
}
response.headers.set("X-MK8-Pretendo-ACL", mk8_token.access_level.toString());
response.headers.set("X-MK8-Pretendo-Username", mk8_token.pnid);
response.headers.set("X-MK8-Pretendo-ImageURL", mk8_token.mii_image_url);
response.headers.set("X-MK8-Pretendo-PID", mk8_token.pid.toString());
if (res) {
response.cookies.set("mk8_token", res.jwt_token, { domain: ".pretendo.network" });
}
return response;
} else {
const response = NextResponse.redirect(redirect_login_url);
if (request.cookies.has("mk8_token")) {
response.cookies.delete("mk8_token");
}
return response;
}
} else {
const response = NextResponse.next();
if (mk8_token) {
response.headers.set("X-MK8-Pretendo-ACL", mk8_token.access_level.toString());
response.headers.set("X-MK8-Pretendo-Username", mk8_token.pnid);
response.headers.set("X-MK8-Pretendo-ImageURL", mk8_token.mii_image_url);
response.headers.set("X-MK8-Pretendo-PID", mk8_token.pid.toString());
}
if (res) {
response.cookies.set("mk8_token", res.jwt_token, { domain: ".pretendo.network" });
}
return response;
}
}
export const config = {
matcher: ["/", "/logout", "/api/:path*", "/admin/:path*", "/dashboard/:path*", "/tournaments/:path*", "/gatherings/:path*", "/rankings/:path*"],
};