b3d151c9f9
- auth.ts: JWT_SECRET必须通过环境变量配置 - crypto.ts: ENCRYPTION_KEY必须通过环境变量配置 - middleware.ts: 添加/assistants和/notes到受保护路由 - db.ts: 更新默认数据库名称
85 lines
2.3 KiB
TypeScript
85 lines
2.3 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
import type { NextRequest } from 'next/server';
|
|
import { jwtVerify } from 'jose';
|
|
|
|
// JWT 密钥(必须通过环境变量配置)
|
|
const JWT_SECRET = new TextEncoder().encode(
|
|
process.env.JWT_SECRET || ''
|
|
);
|
|
|
|
// Cookie 名称
|
|
const AUTH_COOKIE_NAME = 'lioncode_auth_token';
|
|
|
|
// 需要登录才能访问的路由
|
|
const protectedRoutes = ['/', '/chat', '/settings', '/assistants', '/notes'];
|
|
|
|
// 公开路由(已登录用户访问会重定向到首页)
|
|
const publicRoutes = ['/login', '/register', '/reset-password'];
|
|
|
|
export async function middleware(request: NextRequest) {
|
|
const { pathname } = request.nextUrl;
|
|
|
|
// 忽略 API 路由和静态资源
|
|
if (
|
|
pathname.startsWith('/api/') ||
|
|
pathname.startsWith('/_next/') ||
|
|
pathname.startsWith('/favicon') ||
|
|
pathname.includes('.')
|
|
) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// 获取认证 Cookie
|
|
const token = request.cookies.get(AUTH_COOKIE_NAME)?.value;
|
|
|
|
// 验证 Token
|
|
let isAuthenticated = false;
|
|
if (token) {
|
|
try {
|
|
await jwtVerify(token, JWT_SECRET);
|
|
isAuthenticated = true;
|
|
} catch {
|
|
// Token 无效或过期
|
|
isAuthenticated = false;
|
|
}
|
|
}
|
|
|
|
// 检查是否是受保护的路由
|
|
const isProtectedRoute = protectedRoutes.some(
|
|
(route) => pathname === route || pathname.startsWith(`${route}/`)
|
|
);
|
|
|
|
// 检查是否是公开路由
|
|
const isPublicRoute = publicRoutes.some(
|
|
(route) => pathname === route || pathname.startsWith(`${route}/`)
|
|
);
|
|
|
|
// 未登录用户访问受保护路由 -> 重定向到登录页
|
|
if (isProtectedRoute && !isAuthenticated) {
|
|
const loginUrl = new URL('/login', request.url);
|
|
loginUrl.searchParams.set('redirect', pathname);
|
|
return NextResponse.redirect(loginUrl);
|
|
}
|
|
|
|
// 已登录用户访问公开路由 -> 重定向到首页
|
|
if (isPublicRoute && isAuthenticated) {
|
|
return NextResponse.redirect(new URL('/', request.url));
|
|
}
|
|
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// 配置匹配的路由
|
|
export const config = {
|
|
matcher: [
|
|
/*
|
|
* 匹配所有路径除了:
|
|
* - api (API routes)
|
|
* - _next/static (static files)
|
|
* - _next/image (image optimization files)
|
|
* - favicon.ico (favicon file)
|
|
*/
|
|
'/((?!api|_next/static|_next/image|favicon.ico).*)',
|
|
],
|
|
};
|