44 lines
1.6 KiB
TypeScript
44 lines
1.6 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { envSchema, getRawEnv } from '@/lib/env';
|
|
|
|
export async function GET(req: NextRequest) {
|
|
const env = envSchema.parse(getRawEnv());
|
|
const gatekeeperUrl = env.GATEKEEPER_URL;
|
|
|
|
const host = req.headers.get('host') || '';
|
|
const { searchParams } = new URL(req.url);
|
|
const hasBypassParam = searchParams.get('gatekeeper_bypass') === 'true';
|
|
|
|
const isLocal = host.includes('localhost') || host.includes('127.0.0.1') || host.includes('klz.localhost');
|
|
const isBypassEnabled = hasBypassParam || env.GATEKEEPER_BYPASS_ENABLED || (env.NODE_ENV === 'development' && isLocal);
|
|
|
|
// If bypass is enabled or we are in local development, use "Dev-Admin" identity.
|
|
if (isBypassEnabled) {
|
|
return NextResponse.json({
|
|
authenticated: true,
|
|
identity: 'Dev-Admin',
|
|
isDevFallback: true
|
|
});
|
|
}
|
|
|
|
try {
|
|
// We forward the cookie header to gatekeeper so it can identify the session
|
|
const response = await fetch(`${gatekeeperUrl}/api/whoami`, {
|
|
headers: {
|
|
cookie: req.headers.get('cookie') || '',
|
|
},
|
|
cache: 'no-store',
|
|
});
|
|
|
|
if (!response.ok) {
|
|
return NextResponse.json({ authenticated: false, identity: 'Guest' });
|
|
}
|
|
|
|
const data = await response.json();
|
|
return NextResponse.json(data);
|
|
} catch (error: any) {
|
|
console.error('Error proxying to gatekeeper:', error);
|
|
return NextResponse.json({ authenticated: false, identity: 'Guest (Auth Error)' });
|
|
}
|
|
}
|