import { withAuth } from 'next-auth/middleware';
import { NextResponse } from 'next/server';
/** Dashboard routes the USER and EMPLOYEE roles may open; the CLIENT role is redirected away from them. */
const USER_ALLOWED_PATHS: readonly string[] = [
  '/dashboard/my-tasks',
  '/dashboard/my-payments',
];

/** Back-office routes; the USER, EMPLOYEE and CLIENT roles are redirected away from these. */
const ADMIN_PATHS: readonly string[] = [
  '/dashboard/payments',
  '/dashboard/expenses',
  '/dashboard/salaries',
  '/dashboard/tasks',
  '/dashboard/users',
  '/dashboard/clients',
  '/dashboard/dashboard',
  '/dashboard/new-clients-tasks',
  '/dashboard/employee-of-the-month',
];

/** Routes the CLIENT role may open; the ADMIN role is redirected away from them. */
const CLIENT_PATHS: readonly string[] = ['/dashboard/client-tasks'];

/** Routes every request that carries a session token may open, whatever its role. */
const COMMON_PATHS: readonly string[] = ['/dashboard/profile'];

/** Routes the CO_ADMIN role may open (a subset of ADMIN_PATHS). */
const CO_ADMIN_PATHS: readonly string[] = ['/dashboard/tasks'];
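/** Per-role routing rule: what the role may open and where it is sent otherwise. */
type RolePolicy = {
  allowed: readonly string[];
  blocked: readonly string[];
  home: string;
};

/**
 * Reports whether `path` is one of `prefixes` or lies beneath one of them.
 *
 * The match is segment-aware: `/dashboard/tasks` covers `/dashboard/tasks`
 * and `/dashboard/tasks/42`, but not `/dashboard/tasks-export`. A plain
 * `startsWith` would also admit any sibling route whose name merely begins
 * with an allowed prefix.
 */
function matchesRoute(path: string, prefixes: readonly string[]): boolean {
  return prefixes.some(
    (prefix) => path === prefix || path.startsWith(`${prefix}/`)
  );
}

// USER and EMPLOYEE share one rule.
const STAFF_POLICY: RolePolicy = {
  allowed: USER_ALLOWED_PATHS,
  // Redundant while `allowed` is an allow-list; kept as an explicit guard so
  // that widening `allowed` later cannot expose the back-office routes.
  blocked: ADMIN_PATHS,
  home: '/dashboard/my-tasks',
};

// A Map (not an object literal) so that a role claim such as "constructor"
// cannot resolve to an inherited property.
const ROLE_POLICIES = new Map<string, RolePolicy>([
  ['USER', STAFF_POLICY],
  ['EMPLOYEE', STAFF_POLICY],
  [
    'CO_ADMIN',
    { allowed: CO_ADMIN_PATHS, blocked: [], home: '/dashboard/tasks' },
  ],
  [
    'CLIENT',
    {
      allowed: CLIENT_PATHS,
      blocked: [...ADMIN_PATHS, ...USER_ALLOWED_PATHS],
      home: '/dashboard/client-tasks',
    },
  ],
]);

/**
 * Role-based route gate for the dashboard.
 *
 * `withAuth` first requires a session token (see `authorized` below); the
 * inner function then routes by the `user.role` claim read from that token:
 *
 * - COMMON_PATHS are open to every request that carries a token.
 * - ADMIN may open everything except CLIENT_PATHS.
 * - USER, EMPLOYEE, CO_ADMIN and CLIENT may open only their allow-list and
 *   are otherwise redirected to their own landing page.
 * - A missing or unrecognised role is redirected to `/signin`. Previously
 *   any non-empty role string outside the known set fell through to
 *   `NextResponse.next()`, so a new or misspelled role was granted access
 *   to every dashboard route.
 *
 * This gate covers page navigation matched by `config.matcher` only; API
 * routes and server-side data access outside that matcher are not checked
 * here and need their own authorization.
 */
export default withAuth(
  function middleware(req) {
    // The role is only as trustworthy as the token signature, which depends
    // on `secret` below staying private.
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    const role: unknown = (req.nextauth?.token as any)?.user?.role;
    const path = req.nextUrl.pathname;
    const redirectTo = (target: string) =>
      NextResponse.redirect(new URL(target, req.url));

    if (matchesRoute(path, COMMON_PATHS)) {
      return NextResponse.next();
    }

    if (role === 'ADMIN') {
      return matchesRoute(path, CLIENT_PATHS)
        ? redirectTo('/dashboard/dashboard')
        : NextResponse.next();
    }

    // Default deny: anything that is not a known role string gets no access.
    const policy =
      typeof role === 'string' ? ROLE_POLICIES.get(role) : undefined;
    if (!policy) {
      return redirectTo('/signin');
    }

    const permitted =
      matchesRoute(path, policy.allowed) && !matchesRoute(path, policy.blocked);
    return permitted ? NextResponse.next() : redirectTo(policy.home);
  },
  {
    // NOTE(review): Next.js inlines NEXT_PUBLIC_-prefixed variables into
    // browser bundles wherever client code references them, so the value
    // that signs session tokens must not carry that prefix. Whoever learns
    // it can mint a token with any role. Move it to a server-only variable
    // (next-auth reads NEXTAUTH_SECRET by default), use the same variable in
    // the NextAuth options, and rotate the current value. Left unchanged
    // here because the NextAuth options are not visible from this file and
    // the two must agree for tokens to verify.
    secret: process.env.NEXT_PUBLIC_AUTH_SECRET,
    callbacks: {
      // Only checks that a token exists; role routing happens above.
      authorized: async ({ token }) => {
        return !!token;
      },
    },
    pages: {
      signIn: '/signin',
      error: '/signin',
    },
  }
);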
/** Restricts this middleware to `/dashboard` and every route beneath it. */
export const config = {
  matcher: ['/dashboard/:path*'],
};