git/postgres
1
0
Fork 0
mirror of https://github.com/johndoe6345789/postgres.git synced 2026-04-25 14:25:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2b5df81aec873e38bbf65d4ffb5ee732fe2b9017
postgres/src/proxy.ts
copilot-swe-agent[bot] 8765b6c589 Fix security issues and linting errors 
Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
2026-01-08 01:24:38 +00:00

89 lines
2.6 KiB
TypeScript
Raw Blame History

import type { NextFetchEvent, NextRequest } from 'next/server';
import { detectBot } from '@arcjet/next';
import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server';
import createMiddleware from 'next-intl/middleware';
import { NextResponse } from 'next/server';
import arcjet from '@/libs/Arcjet';
import { routing } from './libs/I18nRouting';
const handleI18nRouting = createMiddleware(routing);
const isProtectedRoute = createRouteMatcher([
'/dashboard(.*)',
'/:locale/dashboard(.*)',
]);
const isAuthPage = createRouteMatcher([
'/sign-in(.*)',
'/:locale/sign-in(.*)',
'/sign-up(.*)',
'/:locale/sign-up(.*)',
]);
// Admin routes that should bypass i18n routing
const ADMIN_ROUTE_PREFIX = '/admin';
const ADMIN_API_PREFIX = '/api/admin';
// Improve security with Arcjet
const aj = arcjet.withRule(
detectBot({
mode: 'LIVE',
// Block all bots except the following
allow: [
// See https://docs.arcjet.com/bot-protection/identifying-bots
'CATEGORY:SEARCH_ENGINE', // Allow search engines
'CATEGORY:PREVIEW', // Allow preview links to show OG images
'CATEGORY:MONITOR', // Allow uptime monitoring services
],
}),
);
export default async function proxy(
request: NextRequest,
event: NextFetchEvent,
) {
// Skip i18n routing for admin and API routes
if (request.nextUrl.pathname.startsWith(ADMIN_ROUTE_PREFIX)
|| request.nextUrl.pathname.startsWith(ADMIN_API_PREFIX)) {
return NextResponse.next();
}
// Verify the request with Arcjet
// Use `process.env` instead of Env to reduce bundle size in middleware
if (process.env.ARCJET_KEY) {
const decision = await aj.protect(request);
if (decision.isDenied()) {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
}
}
// Clerk keyless mode doesn't work with i18n, this is why we need to run the middleware conditionally
if (
isAuthPage(request) || isProtectedRoute(request)
) {
return clerkMiddleware(async (auth, req) => {
if (isProtectedRoute(req)) {
const locale = req.nextUrl.pathname.match(/(\/.*)\/dashboard/)?.at(1) ?? '';
const signInUrl = new URL(`${locale}/sign-in`, req.url);
await auth.protect({
unauthenticatedUrl: signInUrl.toString(),
});
}
return handleI18nRouting(req);
})(request, event);
}
return handleI18nRouting(request);
}
export const config = {
// Match all pathnames except for
// - … if they start with `/_next`, `/_vercel` or `monitoring`
// - … the ones containing a dot (e.g. `favicon.ico`)
matcher: '/((?!_next|_vercel|monitoring|.*\\..*).*)',
};
Reference in New Issue View Git Blame Copy Permalink