forked from Streampay-Org/StreamPay-Frontend
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmiddleware.ts
More file actions
48 lines (38 loc) · 1.49 KB
/
middleware.ts
File metadata and controls
48 lines (38 loc) · 1.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
import { NextRequest, NextResponse } from 'next/server';
import { validateConfig } from './app/lib/config/index';
import { buildAllowedOriginSet, isOriginAllowed, DEFAULT_CORS_HEADERS, DEFAULT_CORS_METHODS, DEFAULT_CORS_MAX_AGE_SECONDS } from './app/lib/cors';
// Validate configuration at middleware initialization so invalid CORS settings fail early.
validateConfig();
const allowedOrigins = buildAllowedOriginSet(process.env.ALLOWED_ORIGINS);
export const config = {
matcher: ['/api/:path*'],
};
function buildCorsHeaders(origin: string) {
const headers = new Headers();
headers.set('Access-Control-Allow-Origin', origin);
headers.set('Access-Control-Allow-Methods', DEFAULT_CORS_METHODS);
headers.set('Access-Control-Allow-Headers', DEFAULT_CORS_HEADERS);
headers.set('Access-Control-Max-Age', String(DEFAULT_CORS_MAX_AGE_SECONDS));
headers.set('Vary', 'Origin');
return headers;
}
export function middleware(request: NextRequest) {
const origin = request.headers.get('origin');
const originAllowed = isOriginAllowed(origin, allowedOrigins);
if (request.method === 'OPTIONS') {
if (!originAllowed) {
return new NextResponse(null, { status: 204 });
}
return new NextResponse(null, {
status: 204,
headers: buildCorsHeaders(origin!),
});
}
const response = NextResponse.next();
if (originAllowed) {
const headers = response.headers;
headers.set('Access-Control-Allow-Origin', origin!);
headers.set('Vary', 'Origin');
}
return response;
}