Kirubel-Kibru-Yaltopia
89440985f1
Some checks failed
Deploy to Cloudflare Workers / deploy (push) Has been cancelled
112 lines
3.4 KiB
TypeScript
112 lines
3.4 KiB
TypeScript
import { createServerClient } from "@supabase/ssr";
|
|
import { NextResponse, type NextRequest } from "next/server";
|
|
import { getSupabaseEnv } from "./env";
|
|
import {
|
|
loginForPath,
|
|
pathForRole,
|
|
roleForPath,
|
|
} from "@/lib/middleware/portal";
|
|
import type { PortalRole } from "@/lib/auth/roles";
|
|
import { portalRoleFromMetadata } from "@/lib/auth/resolve-portal-role";
|
|
|
|
export async function updateSession(request: NextRequest) {
|
|
let supabaseResponse = NextResponse.next({ request });
|
|
|
|
let url: string;
|
|
let anonKey: string;
|
|
try {
|
|
({ url, anonKey } = getSupabaseEnv());
|
|
} catch {
|
|
return supabaseResponse;
|
|
}
|
|
|
|
const supabase = createServerClient(url, anonKey, {
|
|
cookies: {
|
|
getAll() {
|
|
return request.cookies.getAll();
|
|
},
|
|
setAll(cookiesToSet) {
|
|
cookiesToSet.forEach(({ name, value }) =>
|
|
request.cookies.set(name, value)
|
|
);
|
|
supabaseResponse = NextResponse.next({ request });
|
|
cookiesToSet.forEach(({ name, value, options }) =>
|
|
supabaseResponse.cookies.set(name, value, options)
|
|
);
|
|
},
|
|
},
|
|
});
|
|
|
|
const {
|
|
data: { user },
|
|
} = await supabase.auth.getUser();
|
|
|
|
const pathname = request.nextUrl.pathname;
|
|
const isAuthPage =
|
|
pathname.startsWith("/login") || pathname.startsWith("/signup");
|
|
const isPasswordFlow =
|
|
pathname.startsWith("/forgot-password") ||
|
|
pathname === "/reset-password" ||
|
|
pathname.startsWith("/auth/");
|
|
const isApi = pathname.startsWith("/api/");
|
|
const isApiHealth = pathname === "/api/health";
|
|
const isPublic =
|
|
pathname === "/" || isAuthPage || isApiHealth || isPasswordFlow;
|
|
const requiredRole = roleForPath(pathname);
|
|
|
|
if (!user && !isPublic && !isApi) {
|
|
const redirectUrl = request.nextUrl.clone();
|
|
redirectUrl.pathname = loginForPath(pathname);
|
|
return NextResponse.redirect(redirectUrl);
|
|
}
|
|
|
|
let portalRole: PortalRole | null = null;
|
|
if (user) {
|
|
const { data: profile, error: profileError } = await supabase
|
|
.from("profiles")
|
|
.select("portal_role")
|
|
.eq("id", user.id)
|
|
.maybeSingle();
|
|
|
|
if (!profileError && profile?.portal_role) {
|
|
portalRole = profile.portal_role as PortalRole;
|
|
} else {
|
|
portalRole = portalRoleFromMetadata(user) ?? "manager";
|
|
}
|
|
}
|
|
|
|
if (user && isAuthPage && !isPasswordFlow) {
|
|
const redirectUrl = request.nextUrl.clone();
|
|
redirectUrl.pathname = pathForRole(portalRole);
|
|
return NextResponse.redirect(redirectUrl);
|
|
}
|
|
|
|
if (user && pathname === "/reset-password") {
|
|
return supabaseResponse;
|
|
}
|
|
|
|
if (user && requiredRole && portalRole !== requiredRole) {
|
|
const redirectUrl = request.nextUrl.clone();
|
|
redirectUrl.pathname = pathForRole(portalRole);
|
|
return NextResponse.redirect(redirectUrl);
|
|
}
|
|
|
|
if (user && pathname === "/players" && portalRole === "manager") {
|
|
const redirectUrl = request.nextUrl.clone();
|
|
redirectUrl.pathname = pathForRole(portalRole);
|
|
return NextResponse.redirect(redirectUrl);
|
|
}
|
|
|
|
if (user && pathname === "/leagues" && portalRole === "manager") {
|
|
const redirectUrl = request.nextUrl.clone();
|
|
redirectUrl.pathname = "/manager/leagues";
|
|
return NextResponse.redirect(redirectUrl);
|
|
}
|
|
|
|
if (user && pathname.startsWith("/leagues/") && portalRole === "manager") {
|
|
return supabaseResponse;
|
|
}
|
|
|
|
return supabaseResponse;
|
|
}
|