-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.ts
More file actions
46 lines (36 loc) · 1.34 KB
/
proxy.ts
File metadata and controls
46 lines (36 loc) · 1.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import { auth } from '@/lib/auth'
import { NextResponse } from 'next/server'
export default auth((req) => {
const { nextUrl, auth: session } = req
const pathname = nextUrl.pathname
// Public paths — always allowed
const publicPaths = ['/login', '/register']
if (publicPaths.some((p) => pathname.startsWith(p))) return NextResponse.next()
// LTI and Stripe webhook — excluded from auth
if (pathname.startsWith('/lti') || pathname === '/api/stripe/webhook') {
return NextResponse.next()
}
// Not logged in — redirect to login
if (!session) {
const loginUrl = new URL('/login', req.url)
loginUrl.searchParams.set('next', pathname)
return NextResponse.redirect(loginUrl)
}
const role = session.user.role
// Teacher-only routes
const teacherPaths = ['/dashboard', '/notes', '/boards', '/settings']
if (teacherPaths.some((p) => pathname.startsWith(p)) && role !== 'teacher') {
return NextResponse.redirect(new URL('/my-notes', req.url))
}
// Student-only routes
if (pathname.startsWith('/my-notes') && role !== 'student') {
return NextResponse.redirect(new URL('/dashboard', req.url))
}
// /s/* and /b/* — both roles, must be logged in (already checked above)
return NextResponse.next()
})
export const config = {
matcher: [
'/((?!_next/static|_next/image|favicon.ico|api/auth).*)',
],
}