登录-clerk方案

2026-05-30 07:26:45 +00:00 · 2024-06-17 17:03:42 +08:00
parent be048bb51e
commit b0ee510624
14 changed files with 421 additions and 93 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,40 @@
+import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'
+
+/**
+ * clerk 身份验证中间件
+ */
+export const config = {
+  // 这里设置白名单，防止静态资源被拦截
+  matcher: ['/((?!.*\\..*|_next|/sign-in).*)', '/', '/(api|trpc)(.*)']
+}
+
+// 被保护的路由
+
+const isTenantRoute = createRouteMatcher([
+  '/user/organization-selector(.*)',
+  '/user/orgid/(.*)'
+])
+
+// 被限制权限的路由
+const isTenantAdminRoute = createRouteMatcher([
+  '/admin/(.*)/memberships',
+  '/admin/(.*)/domain'
+])
+
+// 路由登录及权限检查
+export default clerkMiddleware(
+  (auth, req) => {
+    // Restrict admin routes to users with specific permissions
+    if (isTenantAdminRoute(req)) {
+      auth().protect(has => {
+        return (
+          has({ permission: 'org:sys_memberships:manage' }) ||
+          has({ permission: 'org:sys_domains_manage' })
+        )
+      })
+    }
+    // Restrict organization routes to signed in users
+    if (isTenantRoute(req)) auth().protect()
+  }
+  //   { debug: process.env.npm_lifecycle_event === 'dev' } // 开发调试模式打印日志
+)