julienfroidefond/stripstream-librarian
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
2a7881ac6e986a6da0743544a184239e727d63fc
stripstream-librarian/apps/backoffice/proxy.ts
Froidefond Julien 232ecdda41 feat: add backoffice authentication with login page 
- Add login page with logo background, glassmorphism card
- Add session management via JWT (jose) with httpOnly cookie
- Add Next.js proxy middleware to protect all routes
- Add logout button in nav
- Restructure app into (app) route group to isolate login layout
- Add ADMIN_USERNAME, ADMIN_PASSWORD, SESSION_SECRET env vars

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 08:48:01 +01:00

39 lines
1.0 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from "next/server";
import { jwtVerify } from "jose";
import { SESSION_COOKIE } from "./lib/session";
function getSecret(): Uint8Array {
const secret = process.env.SESSION_SECRET;
if (!secret) return new TextEncoder().encode("dev-insecure-secret");
return new TextEncoder().encode(secret);
}
export async function proxy(req: NextRequest) {
const { pathname } = req.nextUrl;
// Skip auth for login page and auth API routes
if (pathname.startsWith("/login") || pathname.startsWith("/api/auth")) {
return NextResponse.next();
}
const token = req.cookies.get(SESSION_COOKIE)?.value;
if (token) {
try {
await jwtVerify(token, getSecret());
return NextResponse.next();
} catch {
// Token invalid or expired
}
}
const loginUrl = new URL("/login", req.url);
loginUrl.searchParams.set("from", pathname);
return NextResponse.redirect(loginUrl);
}
export const config = {
matcher: [
"/((?!_next/static|_next/image|favicon\\.ico|logo\\.png|.*\\.svg).*)",
],
};
Reference in New Issue View Git Blame Copy Permalink