optional auth
This commit is contained in:
Abdelrahman mostafa
parent
1680a1786e
commit
b16f2516a6
17 changed files with 13339 additions and 1297 deletions
69
ui/middleware.ts
Normal file
69
ui/middleware.ts
Normal file
|
|
@ -0,0 +1,69 @@
|
|||
import { NextResponse } from 'next/server';
|
||||
import type { NextRequest } from 'next/server';
|
||||
|
||||
const decodeBase64 = (encoded: string): { username: string; password: string } | null => {
|
||||
try {
|
||||
const decoded = Buffer.from(encoded, 'base64').toString('utf-8');
|
||||
const [username, password] = decoded.split(':');
|
||||
if (username && password) {
|
||||
return { username, password };
|
||||
}
|
||||
return null;
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
|
||||
const verifyPassword = (inputPassword: string, storedPassword: string): boolean => {
|
||||
return inputPassword === storedPassword;
|
||||
};
|
||||
|
||||
export function middleware(request: NextRequest) {
|
||||
const response = NextResponse.next();
|
||||
|
||||
// Extract cookies from the request
|
||||
const cookies = request.headers.get('cookie');
|
||||
let authEnabled = false;
|
||||
let authUsername = '';
|
||||
let authPassword = '';
|
||||
|
||||
if (cookies) {
|
||||
const parsedCookies = Object.fromEntries(cookies.split('; ').map(c => c.split('=')));
|
||||
authEnabled = parsedCookies['authEnabled'] === 'true';
|
||||
authUsername = parsedCookies['authUsername'] || '';
|
||||
authPassword = parsedCookies['authPassword'] || '';
|
||||
}
|
||||
|
||||
if (authEnabled) {
|
||||
const authHeader = request.headers.get('authorization');
|
||||
|
||||
if (!authHeader || !authHeader.startsWith('Basic ')) {
|
||||
const headers = new Headers();
|
||||
headers.set('WWW-Authenticate', 'Basic realm="Restricted Area"');
|
||||
return new NextResponse('Authentication Required', { status: 401, headers });
|
||||
}
|
||||
|
||||
const encodedCredentials = authHeader.split(' ')[1];
|
||||
const credentials = decodeBase64(encodedCredentials);
|
||||
|
||||
if (
|
||||
!credentials ||
|
||||
credentials.username !== authUsername ||
|
||||
!verifyPassword(credentials.password, authPassword)
|
||||
) {
|
||||
const headers = new Headers();
|
||||
headers.set('WWW-Authenticate', 'Basic realm="Restricted Area"');
|
||||
return new NextResponse('Invalid Credentials', { status: 401, headers });
|
||||
}
|
||||
|
||||
// Credentials are valid; allow access
|
||||
return response;
|
||||
}
|
||||
|
||||
// Authentication not enabled; allow access
|
||||
return response;
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: '/:path*',
|
||||
};
|
||||
Loading…
Add table
Add a link
Reference in a new issue