48 lines
1.4 KiB
TypeScript
48 lines
1.4 KiB
TypeScript
import { authMiddleware } from '@konobangu/auth/middleware';
|
|
import { env } from '@konobangu/env';
|
|
import { parseError } from '@konobangu/observability/error';
|
|
import { secure } from '@konobangu/security';
|
|
import {
|
|
noseconeConfig,
|
|
noseconeMiddleware,
|
|
} from '@konobangu/security/middleware';
|
|
import { type NextRequest, NextResponse } from 'next/server';
|
|
|
|
export const config = {
|
|
// matcher tells Next.js which routes to run the middleware on. This runs the
|
|
// middleware on all routes except for static assets and Posthog ingest
|
|
matcher: ['/((?!_next/static|_next/image|ingest|favicon.ico).*)'],
|
|
};
|
|
|
|
const securityHeaders = noseconeMiddleware(noseconeConfig);
|
|
|
|
export const middleware = async (request: NextRequest) => {
|
|
const beforeMiddleware = async (request: NextRequest) => {
|
|
if (!env.ARCJET_KEY) {
|
|
return securityHeaders();
|
|
}
|
|
|
|
try {
|
|
await secure(
|
|
[
|
|
// See https://docs.arcjet.com/bot-protection/identifying-bots
|
|
'CATEGORY:SEARCH_ENGINE', // Allow search engines
|
|
'CATEGORY:PREVIEW', // Allow preview links to show OG images
|
|
'CATEGORY:MONITOR', // Allow uptime monitoring services
|
|
],
|
|
request
|
|
);
|
|
|
|
return securityHeaders();
|
|
} catch (error) {
|
|
const message = parseError(error);
|
|
|
|
return NextResponse.json({ error: message }, { status: 403 });
|
|
}
|
|
};
|
|
|
|
const response = await beforeMiddleware(request);
|
|
|
|
return authMiddleware(response as any);
|
|
};
|