joachim/location-mqtt-tracker-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Joachim Hummel
2025-11-24 16:30:37 +00:00
commit 843e93a274
114 changed files with 25585 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
middleware.ts Normal file
View File

@@ -0,0 +1,65 @@
import { auth } from "@/lib/auth";
import { NextResponse } from "next/server";
// Force Node.js runtime for SQLite compatibility
export const runtime = 'nodejs';
export default auth((req) => {
const { pathname } = req.nextUrl;
const session = req.auth;
// Check if accessing map route (requires authentication only)
if (pathname.startsWith('/map')) {
// Require authentication for map access
if (!session?.user) {
const loginUrl = new URL('/login', req.url);
loginUrl.searchParams.set('callbackUrl', pathname);
return NextResponse.redirect(loginUrl);
}
// All authenticated users can access the map
return NextResponse.next();
}
// Check if accessing admin routes
if (pathname.startsWith('/admin')) {
// Require authentication
if (!session?.user) {
const loginUrl = new URL('/login', req.url);
loginUrl.searchParams.set('callbackUrl', pathname);
return NextResponse.redirect(loginUrl);
}
const userRole = (session.user as any).role;
// Define VIEWER-accessible routes (read-only)
const viewerAllowedRoutes = [
'/admin', // Dashboard
'/admin/devices', // Devices list (read-only)
];
// Check if VIEWER is accessing allowed route
const isViewerAllowedRoute = viewerAllowedRoutes.some(route =>
pathname === route || pathname.startsWith(route + '/')
);
// VIEWER can only access dashboard and devices (read-only)
if (userRole === 'VIEWER' && !isViewerAllowedRoute) {
const unauthorizedUrl = new URL('/unauthorized', req.url);
unauthorizedUrl.searchParams.set('from', pathname);
return NextResponse.redirect(unauthorizedUrl);
}
// Non-ADMIN and non-VIEWER users are denied
if (userRole !== 'ADMIN' && userRole !== 'VIEWER') {
const unauthorizedUrl = new URL('/unauthorized', req.url);
unauthorizedUrl.searchParams.set('from', pathname);
return NextResponse.redirect(unauthorizedUrl);
}
}
return NextResponse.next();
});
export const config = {
matcher: ["/admin/:path*", "/map/:path*"],
};