2026-04-19 03:38:15 +01:00
|
|
|
import { NextResponse } from "next/server";
|
|
|
|
|
import type { NextRequest } from "next/server";
|
|
|
|
|
import { getPermision } from "./lib/getPermisions";
|
|
|
|
|
|
|
|
|
|
export function middleware(req: NextRequest) {
|
|
|
|
|
const token = req.cookies.get("access_token")?.value;
|
|
|
|
|
const { pathname } = req.nextUrl;
|
|
|
|
|
|
|
|
|
|
const isAdminRoute = pathname.startsWith("/admin");
|
|
|
|
|
const isLoginPage = pathname.startsWith("/login");
|
|
|
|
|
|
|
|
|
|
// 🚫 block user if not logged in or not admin
|
|
|
|
|
if (isAdminRoute && ( !token || !getPermision(req).includes("Admin") )) {
|
|
|
|
|
return NextResponse.redirect(new URL("/login", req.url));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 🔁 prevent logged-in users from seeing login page
|
|
|
|
|
if (isLoginPage && token && getPermision(req).includes("Admin")) {
|
2026-04-19 13:16:08 +01:00
|
|
|
return NextResponse.redirect(new URL("/admin/create-news", req.url));
|
2026-04-19 03:38:15 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NextResponse.next();
|
|
|
|
|
}
|
