lobe-chat

1
import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server';
2
import { NextResponse } from 'next/server';
3

4
import { authEnv } from '@/config/auth';
5
import NextAuthEdge from '@/libs/next-auth/edge';
6

7
import { OAUTH_AUTHORIZED } from './const/auth';
8

9
export const config = {
10
  matcher: [
11
    // include any files in the api or trpc folders that might have an extension
12
    '/(api|trpc|webapi)(.*)',
13
    // include the /
14
    '/',
15
    '/chat(.*)',
16
    '/settings(.*)',
17
    '/files(.*)',
18
    '/repos(.*)',
19
    // ↓ cloud ↓
20
  ],
21
};
22

23
const defaultMiddleware = () => NextResponse.next();
24

25
// Initialize an Edge compatible NextAuth middleware
26
const nextAuthMiddleware = NextAuthEdge.auth((req) => {
27
  // skip the '/' route
28
  if (req.nextUrl.pathname === '/') return NextResponse.next();
29

30
  // Just check if session exists
31
  const session = req.auth;
32

33
  // Check if next-auth throws errors
34
  // refs: https://github.com/lobehub/lobe-chat/pull/1323
35
  const isLoggedIn = !!session?.expires;
36

37
  // Remove & amend OAuth authorized header
38
  const requestHeaders = new Headers(req.headers);
39
  requestHeaders.delete(OAUTH_AUTHORIZED);
40
  if (isLoggedIn) requestHeaders.set(OAUTH_AUTHORIZED, 'true');
41

42
  return NextResponse.next({
43
    request: {
44
      headers: requestHeaders,
45
    },
46
  });
47
});
48

49
const isProtectedRoute = createRouteMatcher([
50
  '/settings(.*)',
51
  '/files(.*)',
52
  // ↓ cloud ↓
53
]);
54

55
export default authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH
56
  ? clerkMiddleware(
57
      (auth, req) => {
58
        if (isProtectedRoute(req)) auth().protect();
59
      },
60
      {
61
        // https://github.com/lobehub/lobe-chat/pull/3084
62
        clockSkewInMs: 60 * 60 * 1000,
63
        signInUrl: '/login',
64
        signUpUrl: '/signup',
65
      },
66
    )
67
  : authEnv.NEXT_PUBLIC_ENABLE_NEXT_AUTH
68
    ? nextAuthMiddleware
69
    : defaultMiddleware;
70