mirror of
https://github.com/d0zingcat/NotionNext.git
synced 2026-05-13 23:16:47 +00:00
59 lines
1.7 KiB
TypeScript
59 lines
1.7 KiB
TypeScript
import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'
|
|
import { NextResponse } from 'next/server'
|
|
|
|
/**
|
|
* Clerk 身份验证中间件
|
|
*/
|
|
export const config = {
|
|
// 这里设置白名单,防止静态资源被拦截
|
|
matcher: ['/((?!.*\\..*|_next|/sign-in|/auth).*)', '/', '/(api|trpc)(.*)']
|
|
}
|
|
|
|
// 限制登录访问的路由
|
|
const isTenantRoute = createRouteMatcher([
|
|
'/user/organization-selector(.*)',
|
|
'/user/orgid/(.*)'
|
|
])
|
|
|
|
// 限制权限访问的路由
|
|
const isTenantAdminRoute = createRouteMatcher([
|
|
'/admin/(.*)/memberships',
|
|
'/admin/(.*)/domain'
|
|
])
|
|
|
|
/**
|
|
* 没有配置权限相关功能的返回
|
|
* @param req
|
|
* @param ev
|
|
* @returns
|
|
*/
|
|
// eslint-disable-next-line @typescript-eslint/require-await, @typescript-eslint/no-explicit-any, @typescript-eslint/no-unused-vars
|
|
const noAuthMiddleware = async (req: any, ev: any) => {
|
|
// 如果没有配置 Clerk 相关环境变量,返回一个默认响应或者继续处理请求
|
|
return NextResponse.next()
|
|
}
|
|
|
|
/**
|
|
* 鉴权中间件
|
|
*/
|
|
const authMiddleware = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
|
|
? clerkMiddleware(
|
|
(auth, req) => {
|
|
// 限制管理员路由访问权限
|
|
if (isTenantAdminRoute(req)) {
|
|
auth().protect(has => {
|
|
return (
|
|
has({ permission: 'org:sys_memberships:manage' }) ||
|
|
has({ permission: 'org:sys_domains_manage' })
|
|
)
|
|
})
|
|
}
|
|
// 限制组织路由访问权限
|
|
if (isTenantRoute(req)) auth().protect()
|
|
}
|
|
// { debug: process.env.npm_lifecycle_event === 'dev' } // 开发调试模式打印日志
|
|
)
|
|
: noAuthMiddleware
|
|
|
|
export default authMiddleware
|