selfhostyourtech/reflector
2
0
Fork 0
mirror of https://github.com/Monadical-SAS/reflector.git synced 2025-12-20 20:29:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5c89a07996e597c642a3401aef916558d09e9f75
reflector/www/middleware.ts
Mathieu Virbel 03561453c5 feat: Monadical SSO as replacement of Fief (#393) 
* sso: first pass for integrating SSO

still have issue on refreshing
maybe customize the login page, or completely avoid it
make 100% to understand how session server/client are working
need to test with different configuration option (features flags and
requireLogin)

* sso: correctly handle refresh token, with pro-active refresh

Going on interceptors make extra calls to reflector when 401.
We need then to circle back with NextJS backend to update the jwt,
session, then retry the failed request.

I prefered to go pro-active, and ensure the session AND jwt are always
up to date.

A minute before the expiration, we'll try to refresh it. useEffect() of
NextJS cannot be asynchronous, so we cannot wait for the token to be
refreshed.

Every 20s, a minute before the expiration (so 3x in total max) we'll try
to renew. When the accessToken is renewed, the session is updated, and
dispatching up to the client, which updates the useApi().

Therefore, no component will left without a incorrect token.

* fixes: issue with missing key on react-select-search because the default value is undefined

* sso: fixes login/logout button, and avoid seeing the login with authentik page when clicking

* sso: ensure /transcripts/new is not behind protected page, and feature flags page are honored

* sso: fixes user sub->id

* fixes: remove old layout not used

* fixes: set default NEXT_PUBLIC_SITE_URL as localhost

* fixes: removing fief again due to merge with main

* sso: ensure session is always ready before doing any action

* sso: add migration from fief to jwt in server, only from transcripts list

* fixes: user tests

* fixes: compilation issues
2024-09-03 19:27:15 +02:00

108 lines
2.7 KiB
TypeScript
Raw Blame History

import { withAuth } from "next-auth/middleware";
import { getConfig } from "./app/lib/edgeConfig";
import { NextResponse } from "next/server";
const LOGIN_REQUIRED_PAGES = [
"/transcripts/[!new]",
"/browse(.*)",
"/rooms(.*)",
];
const PROTECTED_PAGES = new RegExp(
LOGIN_REQUIRED_PAGES.map((page) => `^${page}$`).join("|"),
);
export const config = {
matcher: [
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
// must be a copy of LOGIN_REQUIRED_PAGES
// cannot use anything dynamic (...LOGIN_REQUIRED_PAGES, or .concat(LOGIN_REQUIRED_PAGES))
// as per https://nextjs.org/docs/messages/invalid-page-config
"/",
"/transcripts(.*)",
"/browse(.*)",
"/rooms(.*)",
],
};
export default withAuth(
async function middleware(request) {
const config = await getConfig();
const pathname = request.nextUrl.pathname;
// feature-flags protected paths
if (
(!config.features.browse && pathname.startsWith("/browse")) ||
(!config.features.rooms && pathname.startsWith("/rooms"))
) {
return NextResponse.redirect(request.nextUrl.origin);
}
},
{
callbacks: {
async authorized({ req, token }) {
const config = await getConfig();
if (
config.features.requireLogin &&
PROTECTED_PAGES.test(req.nextUrl.pathname)
) {
return !!token;
}
return true;
},
},
},
);
/**
import { NextResponse, NextRequest } from "next/server";
// import { getFiefAuthMiddleware } from "./app/lib/fief";
import { getToken } from "next-auth/jwt";
import { getConfig } from "./app/lib/edgeConfig";
import { authOptions } from "./app/api/auth/[...nextauth]/route";
export async function middleware(request: NextRequest) {
const config = await getConfig();
console.log(
"---------------------------------------------------------------",
);
console.log(
"middleware",
"request.nextUrl.pathname",
request.nextUrl.pathname,
);
console.log("middleware", "config", config);
if (
request.nextUrl.pathname.match(
"^/((?!api|_next/static|_next/image|favicon.ico).*)",
)
) {
// Feature-flag protedted paths
if (
(!config.features.browse &&
request.nextUrl.pathname.startsWith("/browse")) ||
(!config.features.rooms && request.nextUrl.pathname.startsWith("/rooms"))
) {
console.log("!! redirecting to", request.nextUrl.origin);
return NextResponse.redirect(request.nextUrl.origin);
}
if (config.features.requireLogin) {
const fiefMiddleware = await getFiefAuthMiddleware(request.nextUrl);
const fiefResponse = await fiefMiddleware(request);
return fiefResponse;
}
}
return NextResponse.next();
}
**/
Reference in New Issue View Git Blame Copy Permalink