-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathproxy.ts
More file actions
90 lines (77 loc) · 3.16 KB
/
proxy.ts
File metadata and controls
90 lines (77 loc) · 3.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
import { type NextRequest, NextResponse } from "next/server";
import { getToken } from "next-auth/jwt";
import { guestRegex, isDevelopmentEnvironment } from "./lib/constants";
export async function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
console.log(`[Proxy] Request: ${request.method} ${pathname}`);
if (pathname.startsWith("/ping")) {
return new Response("pong", { status: 200 });
}
const lowerPath = pathname.toLowerCase();
if (
lowerPath === "/" ||
lowerPath.startsWith("/login") ||
lowerPath.startsWith("/register") ||
lowerPath.startsWith("/api/auth") ||
lowerPath.startsWith("/api/composio") ||
lowerPath.startsWith("/api/webhooks") ||
lowerPath.startsWith("/api/agent/heartbeat") ||
lowerPath.startsWith("/api/agent/run/workflow") || // QStash callback — must be public
lowerPath.startsWith("/api/agent/workflow") ||
lowerPath.startsWith("/api/agent/morning") ||
lowerPath.startsWith("/api/agent/notify") ||
lowerPath.startsWith("/api/agent/delegate") ||
lowerPath.startsWith("/api/agent/handoff") ||
lowerPath.startsWith("/api/telegram") ||
lowerPath.startsWith("/api/scheduled") ||
lowerPath.startsWith("/api/approval") ||
lowerPath.startsWith("/api/subagents") ||
lowerPath.startsWith("/subagents") ||
lowerPath === "/sw.js" ||
lowerPath === "/manifest.json" ||
lowerPath.startsWith("/swe-worker") ||
lowerPath.startsWith("/workbox") ||
/\.(png|jpg|jpeg|gif|svg|webp|ico|m3u8|ts)$/.test(lowerPath)
) {
console.log(`[Proxy] Allowing public path: ${pathname}`);
return NextResponse.next();
}
// Detect if we are on a secure connection (Vercel/Production)
const isSecure = request.nextUrl.protocol === "https:" ||
request.headers.get("x-forwarded-proto") === "https" ||
process.env.NODE_ENV === "production";
const token = await getToken({
req: request,
secret: process.env.AUTH_SECRET,
secureCookie: isSecure, // This is CRITICAL for mobile/production cookie visibility
});
if (!token) {
const host = request.headers.get("x-forwarded-host") || request.headers.get("host") || "localhost:3000";
const protocol = isSecure ? "https" : "http";
const baseUrl = process.env.BASE_URL || `${protocol}://${host}`;
const currentUrl = new URL(pathname, baseUrl);
if (request.nextUrl.search) currentUrl.search = request.nextUrl.search;
const redirectUrl = encodeURIComponent(currentUrl.toString());
// Redirect unauthenticated users to the login page
return NextResponse.redirect(
// new URL(`/api/auth/guest?redirectUrl=${redirectUrl}`, request.url)
new URL(`/login?redirectUrl=${redirectUrl}`, request.url)
);
}
const isGuest = guestRegex.test(token?.email ?? "");
if (token && !isGuest && ["/login", "/register"].includes(pathname)) {
return NextResponse.redirect(new URL("/chat", request.url));
}
return NextResponse.next();
}
export const config = {
matcher: [
"/",
"/chat",
"/chat/:id",
"/api/:path*",
"/login",
"/register",
"/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
],
};