Initial commit - Route Commerce platform
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import type { NextRequest } from "next/server";
|
||||
|
||||
// Simple route protection — admin pages redirect to login when no rc_auth_uid cookie.
|
||||
// Dev bypass: dev_session cookie bypasses this check in development only.
|
||||
export function proxy(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl;
|
||||
|
||||
// Skip non-admin routes
|
||||
if (!pathname.startsWith("/admin")) {
|
||||
return NextResponse.next();
|
||||
}
|
||||
|
||||
// Development bypass — dev_session cookie is set client-side by the login form
|
||||
if (process.env.NODE_ENV === "development") {
|
||||
const devSession = request.cookies.get("dev_session")?.value;
|
||||
if (devSession) return NextResponse.next();
|
||||
}
|
||||
|
||||
// Check rc_auth_uid (new) or rc_uid (legacy) cookie
|
||||
const uid = request.cookies.get("rc_auth_uid")?.value ?? request.cookies.get("rc_uid")?.value;
|
||||
if (uid) return NextResponse.next();
|
||||
|
||||
// Not authenticated — redirect to login
|
||||
const loginUrl = new URL("/login", request.url);
|
||||
loginUrl.searchParams.set("redirect", pathname);
|
||||
return NextResponse.redirect(loginUrl);
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: ["/admin/:path*"],
|
||||
};
|
||||
Reference in New Issue
Block a user