Notion-Auth

2026-05-21 23:16:48 +00:00 · 2024-07-10 09:19:59 +08:00
parent da90c17b3a
commit ccf0c18017
11 changed files with 1247 additions and 406 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -1,40 +1,57 @@
 import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'
+import { NextResponse } from 'next/server'

 /**
- * clerk 身份验证中间件
+ * Clerk 身份验证中间件
 */
 export const config = {
  // 这里设置白名单，防止静态资源被拦截
-  matcher: ['/((?!.*\\..*|_next|/sign-in).*)', '/', '/(api|trpc)(.*)']
+  matcher: ['/((?!.*\\..*|_next|/sign-in|/auth).*)', '/', '/(api|trpc)(.*)']
 }

-// 被保护的路由
-
+// 限制登录访问的路由
 const isTenantRoute = createRouteMatcher([
  '/user/organization-selector(.*)',
  '/user/orgid/(.*)'
 ])

-// 被限制权限的路由
+// 限制权限访问的路由
 const isTenantAdminRoute = createRouteMatcher([
  '/admin/(.*)/memberships',
  '/admin/(.*)/domain'
 ])

-// 路由登录及权限检查
-export default clerkMiddleware(
-  (auth, req) => {
-    // Restrict admin routes to users with specific permissions
-    if (isTenantAdminRoute(req)) {
-      auth().protect(has => {
-        return (
-          has({ permission: 'org:sys_memberships:manage' }) ||
-          has({ permission: 'org:sys_domains_manage' })
-        )
-      })
-    }
-    // Restrict organization routes to signed in users
-    if (isTenantRoute(req)) auth().protect()
-  }
-  //   { debug: process.env.npm_lifecycle_event === 'dev' } // 开发调试模式打印日志
-)
+/**
+ * 没有配置权限相关功能的返回
+ * @param req
+ * @param ev
+ * @returns
+ */
+const noAuthMiddleware = async (req, ev) => {
+  // 如果没有配置 Clerk 相关环境变量，返回一个默认响应或者继续处理请求
+  return NextResponse.next()
+}
+
+/**
+ * 鉴权中间件
+ */
+const authMiddleware = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
+  ? clerkMiddleware(
+      (auth, req) => {
+        // 限制管理员路由访问权限
+        if (isTenantAdminRoute(req)) {
+          auth().protect(has => {
+            return (
+              has({ permission: 'org:sys_memberships:manage' }) ||
+              has({ permission: 'org:sys_domains_manage' })
+            )
+          })
+        }
+        // 限制组织路由访问权限
+        if (isTenantRoute(req)) auth().protect()
+      }
+      // { debug: process.env.npm_lifecycle_event === 'dev' } // 开发调试模式打印日志
+    )
+  : noAuthMiddleware
+
+export default authMiddleware