import { collectEvents } from "next-collect/server";
// eslint-disable-next-line @next/next/no-server-import-in-page
import { NextMiddleware, NextResponse, userAgent } from "next/server";
import { extendEventData, nextCollectBasicSettings } from "@calcom/lib/telemetry";
// Path prefixes that have a `/v2` variant. The middleware in this file matches them with
// `startsWith`, so an entry also covers every path that merely begins with it
// (sub-routes, and sibling paths sharing the same leading characters).
const V2_WHITELIST = ["/settings/admin"];
/**
 * Request middleware: rejects unwanted traffic on the auth routes early and rewrites
 * opted-in users to the `/v2` variant of the allow-listed pages.
 *
 * @param req - incoming request; `req.nextUrl` is mutated in place when the V2 rewrite applies.
 * @returns a bare 400 response for rejected `/api/auth` requests, otherwise a rewrite to
 *   the (possibly `/v2`-prefixed) URL.
 */
const middleware: NextMiddleware = async (req) => {
  const target = req.nextUrl;
  const path = target.pathname;

  if (path.startsWith("/api/auth")) {
    const callback = target.searchParams.get("callbackUrl");
    const { isBot } = userAgent(req);

    // Shape check only: a non-empty callbackUrl must begin with a lowercase http(s) scheme.
    // It never inspects the host, so it is not an open-redirect control.
    // NOTE(review): origin allow-listing has to live in the auth layer's redirect handling — confirm.
    const malformedCallback = callback
      ? !(callback.startsWith("https://") || callback.startsWith("http://"))
      : false;

    if (isBot || malformedCallback) {
      // Ends the request before the auth handler runs, which also avoids the redirect
      // NextAuth would issue for an invalid callback. `isBot` is derived from the
      // client-chosen User-Agent header, so this sheds only self-identified crawlers;
      // it is load reduction, not a substitute for rate limiting.
      return new NextResponse("hey", { status: 400, statusText: "Please don't" });
    }
  }

  // Early-access users are served the V2 implementation of the allow-listed pages.
  // NOTE(review): the cookie is checked for presence only and any client can send it, so
  // the `/v2` pages must enforce their own authentication/authorization — confirm.
  const optedIn = req.cookies.has("calcom-v2-early-access");
  if (optedIn && V2_WHITELIST.some((prefix) => path.startsWith(prefix))) {
    target.pathname = `/v2${path}`;
  }

  // A rewrite is returned on every path, including when the URL was left unchanged.
  return NextResponse.rewrite(target);
};
// Options handed to next-collect. Key order matters: `middleware` comes before the spread
// (so a same-named key in nextCollectBasicSettings would replace it), while `cookieName`
// and `extend` come after it and therefore override any shared defaults.
const telemetryOptions = {
  middleware,
  ...nextCollectBasicSettings,
  cookieName: "__clnds",
  extend: extendEventData,
};

// The module's default export is the collectEvents wrapper built from these options.
export default collectEvents(telemetryOptions);