feat: enhance CORS configuration and implement throttling for API endpoints; add admin role checks in controllers
@@ -0,0 +1,19 @@
|
||||
import { auth } from './auth';
|
||||
import { NextResponse } from 'next/server';
|
||||
|
||||
export default auth((req) => {
|
||||
const { pathname } = req.nextUrl;
|
||||
|
||||
if (pathname.startsWith('/admin')) {
|
||||
const role = (req.auth?.user as any)?.role;
|
||||
if (role !== 'admin') {
|
||||
const loginUrl = new URL('/login', req.url);
|
||||
loginUrl.searchParams.set('callbackUrl', pathname);
|
||||
return NextResponse.redirect(loginUrl);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
export const config = {
|
||||
matcher: ['/admin/:path*'],
|
||||
};
|
||||
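Review bot: The role check at `const role = (req.auth?.user as any)?.role;` treats a signed-in non-admin the same as an anonymous visitor, so both are redirected to `/login` with a `callbackUrl` pointing back at the admin path; if the login page forwards already-authenticated users to `callbackUrl`, the result is a redirect loop instead of a clear denial. Consider redirecting only when `req.auth` is absent and answering an authenticated non-admin with a 403, for example `return new NextResponse(null, { status: 403 });`. The `as any` cast also hides whether `role` is actually present on the session user; declaring it on the session type would let the compiler check this comparison. Because the matcher covers only `/admin/:path*`, this middleware is best treated as a convenience redirect, with the admin pages and API handlers re-checking the role on the server.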