saulteafarmer/plebdevs
1
0
Fork 0
mirror of https://github.com/AustinKelsay/plebdevs.git synced 2025-05-19 16:32:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

update middleware to check origin for now

Browse Source
This commit is contained in:
austinkelsay 2024-09-30 19:09:55 -05:00
parent 5c15b93c48
commit 5235e76855
1 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/middleware.js
View File

@ -4,6 +4,8 @@ import { kv } from '@vercel/kv';
const FRONTEND_HOSTNAME = process.env.FRONTEND_HOSTNAME const FRONTEND_HOSTNAME = process.env.FRONTEND_HOSTNAME
const FRONTEND_STAGING_HOSTNAME = process.env.FRONTEND_STAGING_HOSTNAME const FRONTEND_STAGING_HOSTNAME = process.env.FRONTEND_STAGING_HOSTNAME
const BACKEND_URL = process.env.BACKEND_URL
const BACKEND_STAGING_URL = process.env.BACKEND_STAGING_URL
const ratelimit = new Ratelimit({ const ratelimit = new Ratelimit({
redis: kv, redis: kv,
@ -17,29 +19,33 @@ export const config = {
export default async function combinedMiddleware(request) { export default async function combinedMiddleware(request) {
const ip = request.ip ?? '127.0.0.1'; const ip = request.ip ?? '127.0.0.1';
const hostname = request.nextUrl.hostname; const origin = request.headers.get('origin') || '';
const referer = request.headers.get('referer') || ''; const pathname = request.nextUrl.pathname;
console.log("hostname", hostname);
// Bypass rate limiting and referer check for the deployment IP // Allow access to .well-known paths
if (hostname === FRONTEND_HOSTNAME || hostname === FRONTEND_STAGING_HOSTNAME) { if (pathname.startsWith('/.well-known')) {
return NextResponse.next();
}
// Bypass referer check for paths following /link
if (request.nextUrl.pathname.startsWith('/.well-known')) {
const { success } = await ratelimit.limit(ip); const { success } = await ratelimit.limit(ip);
return success return success
? NextResponse.next() ? NextResponse.next()
: NextResponse.redirect(new URL('/blocked', request.url)); : NextResponse.redirect(new URL('/blocked', request.url));
} }
// Apply referer check for all other routes // Check if the request is coming from allowed origins
if (!referer.startsWith(FRONTEND_HOSTNAME) && !referer.startsWith(FRONTEND_STAGING_HOSTNAME)) { const allowedOrigins = [
return new NextResponse(JSON.stringify({ error: 'Forbidden' }), { status: 403 }); FRONTEND_HOSTNAME,
FRONTEND_STAGING_HOSTNAME,
BACKEND_URL,
BACKEND_STAGING_URL
].filter(Boolean);
if (!allowedOrigins.some(allowed => origin.startsWith(allowed))) {
return new NextResponse(JSON.stringify({ error: 'Forbidden' }), {
status: 403,
headers: { 'Content-Type': 'application/json' }
});
} }
// Apply rate limiting for all other routes // Apply rate limiting for allowed origins
const { success } = await ratelimit.limit(ip); const { success } = await ratelimit.limit(ip);
return success return success
? NextResponse.next() ? NextResponse.next()