a89fa7c8d6
All checks were successful
Lint and Build / build (pull_request) Successful in 2m46s
- Update screen position naming from camelCase to snake_case (top_left, top_right, bottom_left, bottom_right) - Refactor getActive route to use SCREEN_POSITIONS constant for DRY code - Update documentation to reflect new file naming convention - Remove unnecessary console.log for internal network requests in middleware - Improve code maintainability and consistency across the codebase 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
41 lines
No EOL
1.3 KiB
TypeScript
41 lines
No EOL
1.3 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
|
|
export function middleware(request: NextRequest) {
|
|
// Only protect API routes
|
|
if (request.nextUrl.pathname.startsWith('/api/')) {
|
|
// Allow OPTIONS requests for CORS preflight
|
|
if (request.method === 'OPTIONS') {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Check for API key in header
|
|
const apiKey = request.headers.get('x-api-key');
|
|
const validKey = process.env.API_KEY;
|
|
|
|
// If API_KEY is not set in environment, skip authentication (development mode)
|
|
if (!validKey) {
|
|
console.warn('API_KEY not set in environment variables. API endpoints are unprotected!');
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Skip authentication for localhost/internal requests (optional security)
|
|
const host = request.headers.get('host');
|
|
if (host && (host.startsWith('localhost') || host.startsWith('127.0.0.1') || host.startsWith('192.168.'))) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// Validate API key for external requests
|
|
if (!apiKey || apiKey !== validKey) {
|
|
return NextResponse.json(
|
|
{ error: 'Unauthorized. Valid API key required.' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
}
|
|
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: '/api/:path*'
|
|
}; |