Secure the application

tematz · Dec 31, 2023 · 68b343a · 68b343a
1 parent 4e6add5
commit 68b343a
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 21 deletions.
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
@@ -1,20 +1,7 @@
 import NextAuth from "next-auth/next";
-import GoogleProvider from "next-auth/providers/google";
-import { PrismaAdapter } from "@next-auth/prisma-adapter";
 
-import prisma from "@/prisma/client";
+import authOptions from "@/app/auth/authOptions";
 
-const handler = NextAuth({
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID!,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET!
-    }),
-  ],
-  session: {
-    strategy: "jwt",
-  }
-})
+const handler = NextAuth(authOptions)
 
 export { handler as GET, handler as POST }
diff --git a/app/api/issues/[id]/route.ts b/app/api/issues/[id]/route.ts
@@ -1,9 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
 
+import authOptions from "@/app/auth/authOptions";
 import { IssueSchema } from "@/app/validationSchemas";
 import prisma from "@/prisma/client";
 
 export async function PATCH(request: NextRequest, { params }: { params: { id: string } }) {
+  const session = await getServerSession(authOptions)
+  if (!session)
+    return NextResponse.json({}, { status: 401 })
   const body = await request.json()
   const validation = IssueSchema.safeParse(body)
   if (!validation.success)
@@ -22,6 +27,9 @@ export async function PATCH(request: NextRequest, { params }: { params: { id: st
 }
 
 export async function DELETE(request: NextRequest, { params }: { params: { id: string } }) {
+  const session = await getServerSession(authOptions)
+  if (!session)
+    return NextResponse.json({}, { status: 401 })
   const issue = await prisma.issue.findUnique({ where: { id: parseInt(params.id) } })
   if (!issue)
     return NextResponse.json({ error: 'Issue not found' }, { status: 404 })

diff --git a/app/api/issues/route.ts b/app/api/issues/route.ts
@@ -1,11 +1,17 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
 
 import { IssueSchema } from '../../validationSchemas'
 
 import prisma from '@/prisma/client'
+import authOptions from '@/app/auth/authOptions'
 
 
 export async function POST(request: NextRequest) {
+  const session = await getServerSession(authOptions)
+  if (!session)
+    return NextResponse.json({}, { status: 401 })
+
   const body = await request.json()
   const validation = IssueSchema.safeParse(body)
   if (!validation.success)

diff --git a/app/auth/authOptions.ts b/app/auth/authOptions.ts
@@ -0,0 +1,23 @@
+import GoogleProvider from "next-auth/providers/google";
+import { PrismaAdapter } from "@next-auth/prisma-adapter";
+import { NextAuthOptions } from "next-auth";
+
+import prisma from "@/prisma/client";
+
+
+const authOptions: NextAuthOptions = {
+
+
+  adapter: PrismaAdapter(prisma),
+  providers: [
+    GoogleProvider({
+      clientId: process.env.GOOGLE_CLIENT_ID!,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET!
+    }),
+  ],
+  session: {
+    strategy: "jwt",
+  }
+}
+
+export default authOptions;
diff --git a/app/issues/[id]/page.tsx b/app/issues/[id]/page.tsx
@@ -1,17 +1,21 @@
 import { notFound } from 'next/navigation'
 import { Box, Flex, Grid } from '@radix-ui/themes'
+import { getServerSession } from 'next-auth'
 
 import IssueDetails from './IssueDetails'
 import EditIssueButton from './EditIssueButton'
 import DeleteIssueButton from './DeleteIssueButton'
 
 import prisma from '@/prisma/client'
+import authOptions from '@/app/auth/authOptions'
 
 interface Props {
   params: { id: string }
 }
 
 const IssueDetailPage = async ({ params }: Props) => {
+  const session = await getServerSession(authOptions)
+
   const issue = await prisma.issue.findUnique({
     where: { id: parseInt(params.id) },
   })
@@ -23,12 +27,14 @@ const IssueDetailPage = async ({ params }: Props) => {
       <Box className="md:col-span-4">
         <IssueDetails issue={issue} />
       </Box>
-      <Box>
-        <Flex direction="column" gap="4">
-          <EditIssueButton issueId={issue.id} />
-          <DeleteIssueButton issueId={issue.id} />
-        </Flex>
-      </Box>
+      {session && (
+        <Box>
+          <Flex direction="column" gap="4">
+            <EditIssueButton issueId={issue.id} />
+            <DeleteIssueButton issueId={issue.id} />
+          </Flex>
+        </Box>
+      )}
     </Grid>
   )
 }

diff --git a/middleware.ts b/middleware.ts
@@ -0,0 +1,8 @@
+export { default } from 'next-auth/middleware'
+
+export const config = {
+  matcher: [
+    '/issue/new',
+    '/issue/edit/:id+'
+  ]
+}