debug: lägg till withAuth-loggning + middleware matcher för /api

2026-04-19 21:24:53 +02:00
parent 487cbea443
commit ff0859a7b1
2 changed files with 41 additions and 0 deletions
@@ -27,7 +27,11 @@ export function withAuth(
 ) {
  return auth(async function (request: any, context: any) {
    const session = request.auth;
+    // eslint-disable-next-line no-console
+    console.log('[withAuth] request.auth:', JSON.stringify(session));
    if (!session?.accessToken) {
+      // eslint-disable-next-line no-console
+      console.warn('[withAuth] No accessToken — returning 401');
      return NextResponse.json({ message: 'Unauthorized' }, { status: 401 });
    }
    return handler(request, session, context);
@@ -0,0 +1,37 @@
+import { NextResponse } from 'next/server';
+import { auth } from './auth';
+
+export default auth((req) => {
+  const { pathname } = req.nextUrl;
+
+  // Alltid tillgängliga sidor
+  const publicPaths = ['/login', '/register'];
+  if (publicPaths.some((p) => pathname.startsWith(p))) {
+    return NextResponse.next();
+  }
+
+  // Om ej inloggad, omdirigera till /login
+  if (!req.auth) {
+    const loginUrl = new URL('/login', req.url);
+    loginUrl.searchParams.set('callbackUrl', pathname);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  // Admin-sidor kräver admin-roll
+  if (pathname.startsWith('/admin')) {
+    const role = (req.auth.user as any)?.role;
+    if (role !== 'admin') {
+      return NextResponse.redirect(new URL('/', req.url));
+    }
+  }
+
+  return NextResponse.next();
+});
+
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
+};
+
+export const config = {
+  matcher: ['/((?!_next/static|_next/image|favicon.ico|api/auth).*)'],
+};