-
Notifications
You must be signed in to change notification settings - Fork 1
/
middleware.ts
86 lines (67 loc) · 2.69 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import {
clerkMiddleware,
createRouteMatcher,
} from '@clerk/nextjs/server'
// import { type NextRequest, NextResponse } from 'next/server'
import { NextResponse } from 'next/server'
// const allowedOrigins = ['http://localhost:3000', 'https://mango-entertainment.vercel.app/']
// const corsOptions = {
// 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
// 'Access-Control-Allow-Headers': 'Content-Type, Authorization',
// }
// export function middleware(request: NextRequest) {
// // Check the origin from the request
// const origin = request.headers.get('origin') ?? ''
// const isAllowedOrigin = allowedOrigins.includes(origin)
// // Handle preflighted requests
// const isPreflight = request.method === 'OPTIONS'
// if (isPreflight) {
// const preflightHeaders = {
// ...(isAllowedOrigin && { 'Access-Control-Allow-Origin': origin }),
// ...corsOptions,
// }
// return NextResponse.json({}, { headers: preflightHeaders })
// }
// // Handle simple requests
// const response = NextResponse.next()
// if (isAllowedOrigin) {
// response.headers.set('Access-Control-Allow-Origin', origin)
// }
// Object.entries(corsOptions).forEach(([key, value]) => {
// response.headers.set(key, value)
// })
// return response
// }
const isPublicRoute = createRouteMatcher(['/', '/api/(.*)', '/sign-in', '/sign-up', '/logo.svg', '/password-reset'])
// const isProtectedRoute = createRouteMatcher([
// '/movies(.*)',
// '/series(.*)',
// '/bookmarks',
// ])
const isApiRoute = createRouteMatcher(['/api/(.*)'])
// This example protects all routes including api/trpc routes
// Please edit this to allow other routes to be public as needed.
// See https://clerk.com/docs/references/nextjs/auth-middleware for more information about configuring your Middleware
export default clerkMiddleware((auth, req) => {
if (isApiRoute(req)) return NextResponse.next()
const { userId, redirectToSignIn, protect } = auth()
const isPublic = isPublicRoute(req)
if (!userId && !isPublic) redirectToSignIn()
if (!isPublic) protect()
return NextResponse.next()
// afterAuth(auth, req, evt) {
// // Handle users who aren't authenticated
// if (!auth.userId && !auth.isPublicRoute) {
// return redirectToSignIn({ returnBackUrl: req.url })
// }
// // If the user is signed in and trying to access a protected route, allow them to access route
// if (auth.userId && !auth.isPublicRoute) {
// return NextResponse.next()
// }
// // Allow users visiting public routes to access them
// return NextResponse.next()
// },
})
export const config = {
matcher: ['/((?!.+\\.[\\w]+$|_next).*)', '/', '/(api|trpc)(.*)'],
}