0150aba4f5
- Unify API: lib/api.ts uses /api/v1, inbox uses /api/inbox (rewrites) - Remove localhost refs: openapi, inbox page - Add rewrites: /api/inbox|tmc -> inbox-server, /api/v1 -> FastAPI - Add stub routes: knowledge/insights, recommendations, search, log-error - Transfer from PAPA: prompts (inspection, tmc), scripts, supabase, data/tmc-requests - Fix inbox-server: ORDER BY created_at, package.json - Remove redundant app/api/inbox/files route (rewrites handle it) - knowledge/ in gitignore (large PDFs) Co-authored-by: Cursor <cursoragent@cursor.com>
52 lines
1.6 KiB
TypeScript
52 lines
1.6 KiB
TypeScript
/**
|
|
* Next.js Middleware
|
|
*/
|
|
import { NextResponse } from 'next/server';
|
|
import type { NextRequest } from 'next/server';
|
|
|
|
const PUBLIC_API_ROUTES = ['/api/health', '/api/openapi'];
|
|
|
|
function isPublicRoute(pathname: string): boolean {
|
|
return PUBLIC_API_ROUTES.some(route => pathname.startsWith(route));
|
|
}
|
|
|
|
export function middleware(request: NextRequest) {
|
|
const pathname = request.nextUrl.pathname;
|
|
|
|
if (
|
|
pathname.startsWith('/_next/') ||
|
|
pathname.startsWith('/static/') ||
|
|
pathname.startsWith('/favicon.ico')
|
|
) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
const response = NextResponse.next();
|
|
|
|
if (!pathname.startsWith('/api') && !pathname.startsWith('/_next')) {
|
|
response.headers.set('X-Content-Type-Options', 'nosniff');
|
|
response.headers.set('X-Frame-Options', 'DENY');
|
|
response.headers.set('X-XSS-Protection', '1; mode=block');
|
|
response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
|
|
const csp = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://api.openai.com";
|
|
response.headers.set('Content-Security-Policy', csp);
|
|
}
|
|
|
|
if (pathname.startsWith('/api') && !isPublicRoute(pathname)) {
|
|
const authHeader = request.headers.get('authorization');
|
|
const cookieToken = request.cookies.get('auth-token')?.value;
|
|
if (!authHeader && !cookieToken) {
|
|
return NextResponse.json(
|
|
{ error: 'Unauthorized', message: 'Missing authentication token' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
}
|
|
|
|
return response;
|
|
}
|
|
|
|
export const config = {
|
|
matcher: ['/api/:path*', '/(.*)'],
|
|
};
|