-
Notifications
You must be signed in to change notification settings - Fork 0
/
middleware.ts
66 lines (50 loc) · 1.95 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
import { withAuth } from 'next-auth/middleware';
import { encode, getToken } from 'next-auth/jwt';
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { refreshAccessToken } from './lib/auth';
function secureCheck(cookie: string) {
return cookie.startsWith('__Secure') || cookie.startsWith('__Host');
}
function signOut(request: NextRequest, message?: string) {
const response = NextResponse.redirect(new URL(`/login${message ? `?error=${message}` : ''}`, request.url));
request.cookies.getAll().forEach(cookie => {
if (cookie.name.includes('next-auth')) {
const options = { maxAge: 0, secure: secureCheck(cookie.name) };
response.cookies.set(cookie.name, cookie.value, options);
}
});
return response;
}
const sessionCookie = process.env.NEXTAUTH_URL?.startsWith('https://')
? '__Secure-next-auth.session-token'
: 'next-auth.session-token';
export default withAuth(
async req => {
const token = await getToken({ req });
if (!token) return signOut(req, '获取 token 失败');
if (!token.expires) return signOut(req, 'token expires 不存在');
if (Date.now() < token.expires) return NextResponse.next();
const _token = await refreshAccessToken(token);
if (!_token) return signOut(req, '刷新 token 失败');
const session = await encode({
secret: process.env.NEXTAUTH_SECRET ?? '',
token: _token,
maxAge: (_token.expires - Date.now()) / 1000 + 43200 // 多添加半天的有效期
});
req.cookies.set(sessionCookie, session);
const response = NextResponse.next({ request: { headers: req.headers } });
response.cookies.set(sessionCookie, session, { secure: secureCheck(sessionCookie) });
return response;
},
{
pages: {
signIn: '/login',
signOut: '/login',
error: '/login'
}
}
);
export const config = {
matcher: '/((?!api|_next/static|_next/image|fonts|musume|placeholder|favicon.ico|login).*)'
};