@sqrzro/server 2.0.0-bz.55 → 2.0.0-bz.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/middleware.cjs +1 -1
  2. package/dist/middleware.cjs.map +1 -1
  3. package/dist/middleware.js +1 -1
  4. package/dist/middleware.js.map +1 -1
  5. package/package.json +1 -1
package/dist/middleware.cjs CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  var server = require('next/server');
4
4
 
5
- var c="/auth/login";function l(e){return e.headers.get("accept")==="application/json"}function o(e,n){return n.headers.set("x-origin",e.nextUrl.origin),n.headers.set("x-pathname",e.nextUrl.pathname),n.headers.set("x-search-params",e.nextUrl.searchParams.toString()),n}function p(e){return e.toString().replace(e.origin,"")}function a(e,n=c){return e.nextUrl.pathname===n?o(e,server.NextResponse.next()):o(e,l(e)?server.NextResponse.json({error:"Unauthorized"},{status:401}):server.NextResponse.redirect(`${e.nextUrl.origin}${n}?r=${encodeURIComponent(p(e.nextUrl))}`))}function x(){let e=new Headers;return process.env.VERCEL_PROTECTION_BYPASS&&e.append("x-vercel-protection-bypass",process.env.VERCEL_PROTECTION_BYPASS),{headers:e}}async function R(e,n){if(console.log(1),e.nextUrl.pathname==="/api/session")return console.log(2),o(e,n?n():server.NextResponse.next());console.log(3);let i=e.cookies.get(process.env.AUTH_COOKIE_NAME||"auth_session")?.value||"";console.log(4,i);try{let s=await fetch(`${e.nextUrl.origin}/api/session?id=${i}&pathname=${e.nextUrl.pathname}`,x());console.log(5);let r=await s.json();return console.log(6,r),r.redirect===null?(console.log(7),o(e,n?n():server.NextResponse.next())):(console.log(7),a(e,r.redirect))}catch(s){return console.log(7,s),a(e)}}
5
+ var c="/auth/login";function l(e){return e.headers.get("accept")==="application/json"}function o(e,n){return n.headers.set("x-origin",e.nextUrl.origin),n.headers.set("x-pathname",e.nextUrl.pathname),n.headers.set("x-search-params",e.nextUrl.searchParams.toString()),n}function p(e){return e.toString().replace(e.origin,"")}function a(e,n=c){return e.nextUrl.pathname===n?o(e,server.NextResponse.next()):o(e,l(e)?server.NextResponse.json({error:"Unauthorized"},{status:401}):server.NextResponse.redirect(`${e.nextUrl.origin}${n}?r=${encodeURIComponent(p(e.nextUrl))}`))}function x(){let e=new Headers;return process.env.VERCEL_AUTOMATION_BYPASS_SECRET&&e.append("x-vercel-protection-bypass",process.env.VERCEL_AUTOMATION_BYPASS_SECRET),{headers:e}}async function R(e,n){if(console.log(1),e.nextUrl.pathname==="/api/session")return console.log(2),o(e,n?n():server.NextResponse.next());console.log(3);let i=e.cookies.get(process.env.AUTH_COOKIE_NAME||"auth_session")?.value||"";console.log(4,i);try{let s=await fetch(`${e.nextUrl.origin}/api/session?id=${i}&pathname=${e.nextUrl.pathname}`,x());console.log(5);let r=await s.json();return console.log(6,r),r.redirect===null?(console.log(7),o(e,n?n():server.NextResponse.next())):(console.log(7),a(e,r.redirect))}catch(s){return console.log(7,s),a(e)}}
6
6
 
7
7
  exports.handleMiddleware = R;
8
8
  //# sourceMappingURL=out.js.map
package/dist/middleware.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware.ts"],"names":["NextResponse","DEFAULT_REDIRECT","isJsonRequest","request","applyHeaders","response","getRelativeUrl","url","redirect","pathname","bypassProtection","headers","handleMiddleware","nextFn","sessionID","session","json","err"],"mappings":"AAAA,OAAS,gBAAAA,MAAoB,cAG7B,IAAMC,EAAmB,cAEzB,SAASC,EAAcC,EAA+B,CAClD,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,IAAM,kBAC7C,CAEA,SAASC,EAAaD,EAAsBE,EAAsC,CAC9E,OAAAA,EAAS,QAAQ,IAAI,WAAYF,EAAQ,QAAQ,MAAM,EACvDE,EAAS,QAAQ,IAAI,aAAcF,EAAQ,QAAQ,QAAQ,EAC3DE,EAAS,QAAQ,IAAI,kBAAmBF,EAAQ,QAAQ,aAAa,SAAS,CAAC,EACxEE,CACX,CAEA,SAASC,EAAeC,EAAqC,CACzD,OAAOA,EAAI,SAAS,EAAE,QAAQA,EAAI,OAAQ,EAAE,CAChD,CAEA,SAASC,EAASL,EAAsBM,EAAWR,EAAgC,CAC/E,OAAIE,EAAQ,QAAQ,WAAaM,EACtBL,EAAaD,EAASH,EAAa,KAAK,CAAC,EAG7CI,EACHD,EACAD,EAAcC,CAAO,EACfH,EAAa,KAAK,CAAE,MAAO,cAAe,EAAG,CAAE,OAAQ,GAAI,CAAC,EAC5DA,EAAa,SACT,GAAGG,EAAQ,QAAQ,MAAM,GAAGM,CAAQ,MAAM,mBACtCH,EAAeH,EAAQ,OAAO,CAClC,CAAC,EACL,CACV,CACJ,CAMA,SAASO,GAAgC,CACrC,IAAMC,EAAU,IAAI,QAEpB,OAAI,QAAQ,IAAI,0BACZA,EAAQ,OAAO,6BAA8B,QAAQ,IAAI,wBAAwB,EAG9E,CAAE,QAAAA,CAAQ,CACrB,CAEA,eAAsBC,EAClBT,EACAU,EACqB,CAIrB,GAHA,QAAQ,IAAI,CAAC,EAGTV,EAAQ,QAAQ,WAAa,eAC7B,eAAQ,IAAI,CAAC,EACNC,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,EAGxE,QAAQ,IAAI,CAAC,EAEb,IAAMc,EACFX,EAAQ,QAAQ,IAAI,QAAQ,IAAI,kBAAoB,cAAc,GAAG,OAAS,GAElF,QAAQ,IAAI,EAAGW,CAAS,EAExB,GAAI,CACA,IAAMC,EAAU,MAAM,MAClB,GAAGZ,EAAQ,QAAQ,MAAM,mBAAmBW,CAAS,aAAaX,EAAQ,QAAQ,QAAQ,GAC1FO,EAAiB,CACrB,EAEA,QAAQ,IAAI,CAAC,EAEb,IAAMM,EAAQ,MAAMD,EAAQ,KAAK,EAIjC,OAFA,QAAQ,IAAI,EAAGC,CAAI,EAEfA,EAAK,WAAa,MAClB,QAAQ,IAAI,CAAC,EACNZ,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,IAGxE,QAAQ,IAAI,CAAC,EACNQ,EAASL,EAASa,EAAK,QAAQ,EAC1C,OAASC,EAAK,CACV,eAAQ,IAAI,EAAGA,CAAG,EACXT,EAASL,CAAO,CAC3B,CACJ","sourcesContent":["import { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\n\nconst DEFAULT_REDIRECT = '/auth/login';\n\nfunction isJsonRequest(request: NextRequest): boolean {\n return request.headers.get('accept') === 'application/json';\n}\n\nfunction applyHeaders(request: NextRequest, response: NextResponse): NextResponse {\n response.headers.set('x-origin', request.nextUrl.origin);\n response.headers.set('x-pathname', request.nextUrl.pathname);\n response.headers.set('x-search-params', request.nextUrl.searchParams.toString());\n return response;\n}\n\nfunction getRelativeUrl(url: NextRequest['nextUrl']): string {\n return url.toString().replace(url.origin, '');\n}\n\nfunction redirect(request: NextRequest, pathname = DEFAULT_REDIRECT): NextResponse {\n if (request.nextUrl.pathname === pathname) {\n return applyHeaders(request, NextResponse.next());\n }\n\n return applyHeaders(\n request,\n isJsonRequest(request)\n ? NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n : NextResponse.redirect(\n `${request.nextUrl.origin}${pathname}?r=${encodeURIComponent(\n getRelativeUrl(request.nextUrl)\n )}`\n )\n );\n}\n\n/*\n * When deployed to Vercel in a preview environment, we need to bypass the protection when fetching\n * the session from the API.\n */\nfunction bypassProtection(): RequestInit {\n const headers = new Headers();\n\n if (process.env.VERCEL_PROTECTION_BYPASS) {\n headers.append('x-vercel-protection-bypass', process.env.VERCEL_PROTECTION_BYPASS);\n }\n\n return { headers };\n}\n\nexport async function handleMiddleware(\n request: NextRequest,\n nextFn?: () => NextResponse\n): Promise<NextResponse> {\n console.log(1);\n\n // If the URL is /api/session, we should just return the response, otherwise we end up in a loop\n if (request.nextUrl.pathname === '/api/session') {\n console.log(2);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(3);\n\n const sessionID =\n request.cookies.get(process.env.AUTH_COOKIE_NAME || 'auth_session')?.value || '';\n\n console.log(4, sessionID);\n\n try {\n const session = await fetch(\n `${request.nextUrl.origin}/api/session?id=${sessionID}&pathname=${request.nextUrl.pathname}`,\n bypassProtection()\n );\n\n console.log(5);\n\n const json = (await session.json()) as { redirect: string | null };\n\n console.log(6, json);\n\n if (json.redirect === null) {\n console.log(7);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(7);\n return redirect(request, json.redirect);\n } catch (err) {\n console.log(7, err);\n return redirect(request);\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/middleware.ts"],"names":["NextResponse","DEFAULT_REDIRECT","isJsonRequest","request","applyHeaders","response","getRelativeUrl","url","redirect","pathname","bypassProtection","headers","handleMiddleware","nextFn","sessionID","session","json","err"],"mappings":"AAAA,OAAS,gBAAAA,MAAoB,cAG7B,IAAMC,EAAmB,cAEzB,SAASC,EAAcC,EAA+B,CAClD,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,IAAM,kBAC7C,CAEA,SAASC,EAAaD,EAAsBE,EAAsC,CAC9E,OAAAA,EAAS,QAAQ,IAAI,WAAYF,EAAQ,QAAQ,MAAM,EACvDE,EAAS,QAAQ,IAAI,aAAcF,EAAQ,QAAQ,QAAQ,EAC3DE,EAAS,QAAQ,IAAI,kBAAmBF,EAAQ,QAAQ,aAAa,SAAS,CAAC,EACxEE,CACX,CAEA,SAASC,EAAeC,EAAqC,CACzD,OAAOA,EAAI,SAAS,EAAE,QAAQA,EAAI,OAAQ,EAAE,CAChD,CAEA,SAASC,EAASL,EAAsBM,EAAWR,EAAgC,CAC/E,OAAIE,EAAQ,QAAQ,WAAaM,EACtBL,EAAaD,EAASH,EAAa,KAAK,CAAC,EAG7CI,EACHD,EACAD,EAAcC,CAAO,EACfH,EAAa,KAAK,CAAE,MAAO,cAAe,EAAG,CAAE,OAAQ,GAAI,CAAC,EAC5DA,EAAa,SACT,GAAGG,EAAQ,QAAQ,MAAM,GAAGM,CAAQ,MAAM,mBACtCH,EAAeH,EAAQ,OAAO,CAClC,CAAC,EACL,CACV,CACJ,CAMA,SAASO,GAAgC,CACrC,IAAMC,EAAU,IAAI,QAEpB,OAAI,QAAQ,IAAI,iCACZA,EAAQ,OAAO,6BAA8B,QAAQ,IAAI,+BAA+B,EAGrF,CAAE,QAAAA,CAAQ,CACrB,CAEA,eAAsBC,EAClBT,EACAU,EACqB,CAIrB,GAHA,QAAQ,IAAI,CAAC,EAGTV,EAAQ,QAAQ,WAAa,eAC7B,eAAQ,IAAI,CAAC,EACNC,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,EAGxE,QAAQ,IAAI,CAAC,EAEb,IAAMc,EACFX,EAAQ,QAAQ,IAAI,QAAQ,IAAI,kBAAoB,cAAc,GAAG,OAAS,GAElF,QAAQ,IAAI,EAAGW,CAAS,EAExB,GAAI,CACA,IAAMC,EAAU,MAAM,MAClB,GAAGZ,EAAQ,QAAQ,MAAM,mBAAmBW,CAAS,aAAaX,EAAQ,QAAQ,QAAQ,GAC1FO,EAAiB,CACrB,EAEA,QAAQ,IAAI,CAAC,EAEb,IAAMM,EAAQ,MAAMD,EAAQ,KAAK,EAIjC,OAFA,QAAQ,IAAI,EAAGC,CAAI,EAEfA,EAAK,WAAa,MAClB,QAAQ,IAAI,CAAC,EACNZ,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,IAGxE,QAAQ,IAAI,CAAC,EACNQ,EAASL,EAASa,EAAK,QAAQ,EAC1C,OAASC,EAAK,CACV,eAAQ,IAAI,EAAGA,CAAG,EACXT,EAASL,CAAO,CAC3B,CACJ","sourcesContent":["import { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\n\nconst DEFAULT_REDIRECT = '/auth/login';\n\nfunction isJsonRequest(request: NextRequest): boolean {\n return request.headers.get('accept') === 'application/json';\n}\n\nfunction applyHeaders(request: NextRequest, response: NextResponse): NextResponse {\n response.headers.set('x-origin', request.nextUrl.origin);\n response.headers.set('x-pathname', request.nextUrl.pathname);\n response.headers.set('x-search-params', request.nextUrl.searchParams.toString());\n return response;\n}\n\nfunction getRelativeUrl(url: NextRequest['nextUrl']): string {\n return url.toString().replace(url.origin, '');\n}\n\nfunction redirect(request: NextRequest, pathname = DEFAULT_REDIRECT): NextResponse {\n if (request.nextUrl.pathname === pathname) {\n return applyHeaders(request, NextResponse.next());\n }\n\n return applyHeaders(\n request,\n isJsonRequest(request)\n ? NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n : NextResponse.redirect(\n `${request.nextUrl.origin}${pathname}?r=${encodeURIComponent(\n getRelativeUrl(request.nextUrl)\n )}`\n )\n );\n}\n\n/*\n * When deployed to Vercel in a preview environment, we need to bypass the protection when fetching\n * the session from the API.\n */\nfunction bypassProtection(): RequestInit {\n const headers = new Headers();\n\n if (process.env.VERCEL_AUTOMATION_BYPASS_SECRET) {\n headers.append('x-vercel-protection-bypass', process.env.VERCEL_AUTOMATION_BYPASS_SECRET);\n }\n\n return { headers };\n}\n\nexport async function handleMiddleware(\n request: NextRequest,\n nextFn?: () => NextResponse\n): Promise<NextResponse> {\n console.log(1);\n\n // If the URL is /api/session, we should just return the response, otherwise we end up in a loop\n if (request.nextUrl.pathname === '/api/session') {\n console.log(2);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(3);\n\n const sessionID =\n request.cookies.get(process.env.AUTH_COOKIE_NAME || 'auth_session')?.value || '';\n\n console.log(4, sessionID);\n\n try {\n const session = await fetch(\n `${request.nextUrl.origin}/api/session?id=${sessionID}&pathname=${request.nextUrl.pathname}`,\n bypassProtection()\n );\n\n console.log(5);\n\n const json = (await session.json()) as { redirect: string | null };\n\n console.log(6, json);\n\n if (json.redirect === null) {\n console.log(7);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(7);\n return redirect(request, json.redirect);\n } catch (err) {\n console.log(7, err);\n return redirect(request);\n }\n}\n"]}
package/dist/middleware.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { NextResponse } from 'next/server';
2
2
 
3
- var c="/auth/login";function l(e){return e.headers.get("accept")==="application/json"}function o(e,n){return n.headers.set("x-origin",e.nextUrl.origin),n.headers.set("x-pathname",e.nextUrl.pathname),n.headers.set("x-search-params",e.nextUrl.searchParams.toString()),n}function p(e){return e.toString().replace(e.origin,"")}function a(e,n=c){return e.nextUrl.pathname===n?o(e,NextResponse.next()):o(e,l(e)?NextResponse.json({error:"Unauthorized"},{status:401}):NextResponse.redirect(`${e.nextUrl.origin}${n}?r=${encodeURIComponent(p(e.nextUrl))}`))}function x(){let e=new Headers;return process.env.VERCEL_PROTECTION_BYPASS&&e.append("x-vercel-protection-bypass",process.env.VERCEL_PROTECTION_BYPASS),{headers:e}}async function R(e,n){if(console.log(1),e.nextUrl.pathname==="/api/session")return console.log(2),o(e,n?n():NextResponse.next());console.log(3);let i=e.cookies.get(process.env.AUTH_COOKIE_NAME||"auth_session")?.value||"";console.log(4,i);try{let s=await fetch(`${e.nextUrl.origin}/api/session?id=${i}&pathname=${e.nextUrl.pathname}`,x());console.log(5);let r=await s.json();return console.log(6,r),r.redirect===null?(console.log(7),o(e,n?n():NextResponse.next())):(console.log(7),a(e,r.redirect))}catch(s){return console.log(7,s),a(e)}}
3
+ var c="/auth/login";function l(e){return e.headers.get("accept")==="application/json"}function o(e,n){return n.headers.set("x-origin",e.nextUrl.origin),n.headers.set("x-pathname",e.nextUrl.pathname),n.headers.set("x-search-params",e.nextUrl.searchParams.toString()),n}function p(e){return e.toString().replace(e.origin,"")}function a(e,n=c){return e.nextUrl.pathname===n?o(e,NextResponse.next()):o(e,l(e)?NextResponse.json({error:"Unauthorized"},{status:401}):NextResponse.redirect(`${e.nextUrl.origin}${n}?r=${encodeURIComponent(p(e.nextUrl))}`))}function x(){let e=new Headers;return process.env.VERCEL_AUTOMATION_BYPASS_SECRET&&e.append("x-vercel-protection-bypass",process.env.VERCEL_AUTOMATION_BYPASS_SECRET),{headers:e}}async function R(e,n){if(console.log(1),e.nextUrl.pathname==="/api/session")return console.log(2),o(e,n?n():NextResponse.next());console.log(3);let i=e.cookies.get(process.env.AUTH_COOKIE_NAME||"auth_session")?.value||"";console.log(4,i);try{let s=await fetch(`${e.nextUrl.origin}/api/session?id=${i}&pathname=${e.nextUrl.pathname}`,x());console.log(5);let r=await s.json();return console.log(6,r),r.redirect===null?(console.log(7),o(e,n?n():NextResponse.next())):(console.log(7),a(e,r.redirect))}catch(s){return console.log(7,s),a(e)}}
4
4
 
5
5
  export { R as handleMiddleware };
6
6
  //# sourceMappingURL=out.js.map
package/dist/middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware.ts"],"names":["NextResponse","DEFAULT_REDIRECT","isJsonRequest","request","applyHeaders","response","getRelativeUrl","url","redirect","pathname","bypassProtection","headers","handleMiddleware","nextFn","sessionID","session","json","err"],"mappings":"AAAA,OAAS,gBAAAA,MAAoB,cAG7B,IAAMC,EAAmB,cAEzB,SAASC,EAAcC,EAA+B,CAClD,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,IAAM,kBAC7C,CAEA,SAASC,EAAaD,EAAsBE,EAAsC,CAC9E,OAAAA,EAAS,QAAQ,IAAI,WAAYF,EAAQ,QAAQ,MAAM,EACvDE,EAAS,QAAQ,IAAI,aAAcF,EAAQ,QAAQ,QAAQ,EAC3DE,EAAS,QAAQ,IAAI,kBAAmBF,EAAQ,QAAQ,aAAa,SAAS,CAAC,EACxEE,CACX,CAEA,SAASC,EAAeC,EAAqC,CACzD,OAAOA,EAAI,SAAS,EAAE,QAAQA,EAAI,OAAQ,EAAE,CAChD,CAEA,SAASC,EAASL,EAAsBM,EAAWR,EAAgC,CAC/E,OAAIE,EAAQ,QAAQ,WAAaM,EACtBL,EAAaD,EAASH,EAAa,KAAK,CAAC,EAG7CI,EACHD,EACAD,EAAcC,CAAO,EACfH,EAAa,KAAK,CAAE,MAAO,cAAe,EAAG,CAAE,OAAQ,GAAI,CAAC,EAC5DA,EAAa,SACT,GAAGG,EAAQ,QAAQ,MAAM,GAAGM,CAAQ,MAAM,mBACtCH,EAAeH,EAAQ,OAAO,CAClC,CAAC,EACL,CACV,CACJ,CAMA,SAASO,GAAgC,CACrC,IAAMC,EAAU,IAAI,QAEpB,OAAI,QAAQ,IAAI,0BACZA,EAAQ,OAAO,6BAA8B,QAAQ,IAAI,wBAAwB,EAG9E,CAAE,QAAAA,CAAQ,CACrB,CAEA,eAAsBC,EAClBT,EACAU,EACqB,CAIrB,GAHA,QAAQ,IAAI,CAAC,EAGTV,EAAQ,QAAQ,WAAa,eAC7B,eAAQ,IAAI,CAAC,EACNC,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,EAGxE,QAAQ,IAAI,CAAC,EAEb,IAAMc,EACFX,EAAQ,QAAQ,IAAI,QAAQ,IAAI,kBAAoB,cAAc,GAAG,OAAS,GAElF,QAAQ,IAAI,EAAGW,CAAS,EAExB,GAAI,CACA,IAAMC,EAAU,MAAM,MAClB,GAAGZ,EAAQ,QAAQ,MAAM,mBAAmBW,CAAS,aAAaX,EAAQ,QAAQ,QAAQ,GAC1FO,EAAiB,CACrB,EAEA,QAAQ,IAAI,CAAC,EAEb,IAAMM,EAAQ,MAAMD,EAAQ,KAAK,EAIjC,OAFA,QAAQ,IAAI,EAAGC,CAAI,EAEfA,EAAK,WAAa,MAClB,QAAQ,IAAI,CAAC,EACNZ,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,IAGxE,QAAQ,IAAI,CAAC,EACNQ,EAASL,EAASa,EAAK,QAAQ,EAC1C,OAASC,EAAK,CACV,eAAQ,IAAI,EAAGA,CAAG,EACXT,EAASL,CAAO,CAC3B,CACJ","sourcesContent":["import { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\n\nconst DEFAULT_REDIRECT = '/auth/login';\n\nfunction isJsonRequest(request: NextRequest): boolean {\n return request.headers.get('accept') === 'application/json';\n}\n\nfunction applyHeaders(request: NextRequest, response: NextResponse): NextResponse {\n response.headers.set('x-origin', request.nextUrl.origin);\n response.headers.set('x-pathname', request.nextUrl.pathname);\n response.headers.set('x-search-params', request.nextUrl.searchParams.toString());\n return response;\n}\n\nfunction getRelativeUrl(url: NextRequest['nextUrl']): string {\n return url.toString().replace(url.origin, '');\n}\n\nfunction redirect(request: NextRequest, pathname = DEFAULT_REDIRECT): NextResponse {\n if (request.nextUrl.pathname === pathname) {\n return applyHeaders(request, NextResponse.next());\n }\n\n return applyHeaders(\n request,\n isJsonRequest(request)\n ? NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n : NextResponse.redirect(\n `${request.nextUrl.origin}${pathname}?r=${encodeURIComponent(\n getRelativeUrl(request.nextUrl)\n )}`\n )\n );\n}\n\n/*\n * When deployed to Vercel in a preview environment, we need to bypass the protection when fetching\n * the session from the API.\n */\nfunction bypassProtection(): RequestInit {\n const headers = new Headers();\n\n if (process.env.VERCEL_PROTECTION_BYPASS) {\n headers.append('x-vercel-protection-bypass', process.env.VERCEL_PROTECTION_BYPASS);\n }\n\n return { headers };\n}\n\nexport async function handleMiddleware(\n request: NextRequest,\n nextFn?: () => NextResponse\n): Promise<NextResponse> {\n console.log(1);\n\n // If the URL is /api/session, we should just return the response, otherwise we end up in a loop\n if (request.nextUrl.pathname === '/api/session') {\n console.log(2);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(3);\n\n const sessionID =\n request.cookies.get(process.env.AUTH_COOKIE_NAME || 'auth_session')?.value || '';\n\n console.log(4, sessionID);\n\n try {\n const session = await fetch(\n `${request.nextUrl.origin}/api/session?id=${sessionID}&pathname=${request.nextUrl.pathname}`,\n bypassProtection()\n );\n\n console.log(5);\n\n const json = (await session.json()) as { redirect: string | null };\n\n console.log(6, json);\n\n if (json.redirect === null) {\n console.log(7);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(7);\n return redirect(request, json.redirect);\n } catch (err) {\n console.log(7, err);\n return redirect(request);\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/middleware.ts"],"names":["NextResponse","DEFAULT_REDIRECT","isJsonRequest","request","applyHeaders","response","getRelativeUrl","url","redirect","pathname","bypassProtection","headers","handleMiddleware","nextFn","sessionID","session","json","err"],"mappings":"AAAA,OAAS,gBAAAA,MAAoB,cAG7B,IAAMC,EAAmB,cAEzB,SAASC,EAAcC,EAA+B,CAClD,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,IAAM,kBAC7C,CAEA,SAASC,EAAaD,EAAsBE,EAAsC,CAC9E,OAAAA,EAAS,QAAQ,IAAI,WAAYF,EAAQ,QAAQ,MAAM,EACvDE,EAAS,QAAQ,IAAI,aAAcF,EAAQ,QAAQ,QAAQ,EAC3DE,EAAS,QAAQ,IAAI,kBAAmBF,EAAQ,QAAQ,aAAa,SAAS,CAAC,EACxEE,CACX,CAEA,SAASC,EAAeC,EAAqC,CACzD,OAAOA,EAAI,SAAS,EAAE,QAAQA,EAAI,OAAQ,EAAE,CAChD,CAEA,SAASC,EAASL,EAAsBM,EAAWR,EAAgC,CAC/E,OAAIE,EAAQ,QAAQ,WAAaM,EACtBL,EAAaD,EAASH,EAAa,KAAK,CAAC,EAG7CI,EACHD,EACAD,EAAcC,CAAO,EACfH,EAAa,KAAK,CAAE,MAAO,cAAe,EAAG,CAAE,OAAQ,GAAI,CAAC,EAC5DA,EAAa,SACT,GAAGG,EAAQ,QAAQ,MAAM,GAAGM,CAAQ,MAAM,mBACtCH,EAAeH,EAAQ,OAAO,CAClC,CAAC,EACL,CACV,CACJ,CAMA,SAASO,GAAgC,CACrC,IAAMC,EAAU,IAAI,QAEpB,OAAI,QAAQ,IAAI,iCACZA,EAAQ,OAAO,6BAA8B,QAAQ,IAAI,+BAA+B,EAGrF,CAAE,QAAAA,CAAQ,CACrB,CAEA,eAAsBC,EAClBT,EACAU,EACqB,CAIrB,GAHA,QAAQ,IAAI,CAAC,EAGTV,EAAQ,QAAQ,WAAa,eAC7B,eAAQ,IAAI,CAAC,EACNC,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,EAGxE,QAAQ,IAAI,CAAC,EAEb,IAAMc,EACFX,EAAQ,QAAQ,IAAI,QAAQ,IAAI,kBAAoB,cAAc,GAAG,OAAS,GAElF,QAAQ,IAAI,EAAGW,CAAS,EAExB,GAAI,CACA,IAAMC,EAAU,MAAM,MAClB,GAAGZ,EAAQ,QAAQ,MAAM,mBAAmBW,CAAS,aAAaX,EAAQ,QAAQ,QAAQ,GAC1FO,EAAiB,CACrB,EAEA,QAAQ,IAAI,CAAC,EAEb,IAAMM,EAAQ,MAAMD,EAAQ,KAAK,EAIjC,OAFA,QAAQ,IAAI,EAAGC,CAAI,EAEfA,EAAK,WAAa,MAClB,QAAQ,IAAI,CAAC,EACNZ,EAAaD,EAASU,EAASA,EAAO,EAAIb,EAAa,KAAK,CAAC,IAGxE,QAAQ,IAAI,CAAC,EACNQ,EAASL,EAASa,EAAK,QAAQ,EAC1C,OAASC,EAAK,CACV,eAAQ,IAAI,EAAGA,CAAG,EACXT,EAASL,CAAO,CAC3B,CACJ","sourcesContent":["import { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\n\nconst DEFAULT_REDIRECT = '/auth/login';\n\nfunction isJsonRequest(request: NextRequest): boolean {\n return request.headers.get('accept') === 'application/json';\n}\n\nfunction applyHeaders(request: NextRequest, response: NextResponse): NextResponse {\n response.headers.set('x-origin', request.nextUrl.origin);\n response.headers.set('x-pathname', request.nextUrl.pathname);\n response.headers.set('x-search-params', request.nextUrl.searchParams.toString());\n return response;\n}\n\nfunction getRelativeUrl(url: NextRequest['nextUrl']): string {\n return url.toString().replace(url.origin, '');\n}\n\nfunction redirect(request: NextRequest, pathname = DEFAULT_REDIRECT): NextResponse {\n if (request.nextUrl.pathname === pathname) {\n return applyHeaders(request, NextResponse.next());\n }\n\n return applyHeaders(\n request,\n isJsonRequest(request)\n ? NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n : NextResponse.redirect(\n `${request.nextUrl.origin}${pathname}?r=${encodeURIComponent(\n getRelativeUrl(request.nextUrl)\n )}`\n )\n );\n}\n\n/*\n * When deployed to Vercel in a preview environment, we need to bypass the protection when fetching\n * the session from the API.\n */\nfunction bypassProtection(): RequestInit {\n const headers = new Headers();\n\n if (process.env.VERCEL_AUTOMATION_BYPASS_SECRET) {\n headers.append('x-vercel-protection-bypass', process.env.VERCEL_AUTOMATION_BYPASS_SECRET);\n }\n\n return { headers };\n}\n\nexport async function handleMiddleware(\n request: NextRequest,\n nextFn?: () => NextResponse\n): Promise<NextResponse> {\n console.log(1);\n\n // If the URL is /api/session, we should just return the response, otherwise we end up in a loop\n if (request.nextUrl.pathname === '/api/session') {\n console.log(2);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(3);\n\n const sessionID =\n request.cookies.get(process.env.AUTH_COOKIE_NAME || 'auth_session')?.value || '';\n\n console.log(4, sessionID);\n\n try {\n const session = await fetch(\n `${request.nextUrl.origin}/api/session?id=${sessionID}&pathname=${request.nextUrl.pathname}`,\n bypassProtection()\n );\n\n console.log(5);\n\n const json = (await session.json()) as { redirect: string | null };\n\n console.log(6, json);\n\n if (json.redirect === null) {\n console.log(7);\n return applyHeaders(request, nextFn ? nextFn() : NextResponse.next());\n }\n\n console.log(7);\n return redirect(request, json.redirect);\n } catch (err) {\n console.log(7, err);\n return redirect(request);\n }\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sqrzro/server",
3
- "version": "2.0.0-bz.55",
3
+ "version": "2.0.0-bz.56",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",