-
-
Notifications
You must be signed in to change notification settings - Fork 11.2k
/
middleware.ts
68 lines (61 loc) · 1.92 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'
import { NextResponse } from 'next/server'
/**
* Clerk 身份验证中间件
*/
export const config = {
// 这里设置白名单,防止静态资源被拦截
matcher: ['/((?!.*\\..*|_next|/sign-in|/auth).*)', '/', '/(api|trpc)(.*)']
}
// 限制登录访问的路由
const isTenantRoute = createRouteMatcher([
'/user/organization-selector(.*)',
'/user/orgid/(.*)',
'/dashboard',
'/dashboard/(.*)'
])
// 限制权限访问的路由
const isTenantAdminRoute = createRouteMatcher([
'/admin/(.*)/memberships',
'/admin/(.*)/domain'
])
/**
* 没有配置权限相关功能的返回
* @param req
* @param ev
* @returns
*/
// eslint-disable-next-line @typescript-eslint/require-await, @typescript-eslint/no-explicit-any, @typescript-eslint/no-unused-vars
const noAuthMiddleware = async (req: any, ev: any) => {
// 如果没有配置 Clerk 相关环境变量,返回一个默认响应或者继续处理请求
return NextResponse.next()
}
/**
* 鉴权中间件
*/
const authMiddleware = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
? clerkMiddleware(async (auth, req) => {
const { userId } = auth()
// 处理 /dashboard 路由的登录保护
if (isTenantRoute(req)) {
if (!userId) {
// 用户未登录,重定向到 /sign-in
const url = new URL('/sign-in', req.url)
url.searchParams.set('redirectTo', req.url) // 保存重定向目标
return NextResponse.redirect(url)
}
}
// 处理管理员相关权限保护
if (isTenantAdminRoute(req)) {
auth().protect(has => {
return (
has({ permission: 'org:sys_memberships:manage' }) ||
has({ permission: 'org:sys_domains_manage' })
)
})
}
// 默认继续处理请求
return NextResponse.next()
})
: noAuthMiddleware
export default authMiddleware