cal.pub0.org/apps/web/middleware.ts

import { collectEvents } from "next-collect/server";
// eslint-disable-next-line @next/next/no-server-import-in-page
import { NextMiddleware, NextResponse, userAgent } from "next/server";

import { extendEventData, nextCollectBasicSettings } from "@calcom/lib/telemetry";

const V2_WHITELIST = ["/settings/admin"];

const middleware: NextMiddleware = async (req) => {
  const url = req.nextUrl;

  if (url.pathname.startsWith("/api/auth")) {
    const callbackUrl = url.searchParams.get("callbackUrl");
    const { isBot } = userAgent(req);
    if (isBot || (callbackUrl && !callbackUrl.startsWith("https://") && !callbackUrl.startsWith("http://"))) {
      // DDOS Prevention: Immediately end request with no response - Avoids a redirect as well initiated by NextAuth on invalid callback
      const res = new NextResponse("hey", { status: 400, statusText: "Please don't" });
      return res;
    }
  }
  /** Display available V2 pages to users who opted-in to early access */
  if (req.cookies.has("calcom-v2-early-access") && V2_WHITELIST.some((p) => url.pathname.startsWith(p))) {
    // rewrite to the current subdomain under the pages/sites folder
    url.pathname = `/v2${url.pathname}`;
  }

  return NextResponse.rewrite(url);
};

export default collectEvents({
  middleware,
  ...nextCollectBasicSettings,
  cookieName: "__clnds",
  extend: extendEventData,
});
Telemetry improvements (#2935) * next-collect initial setup * naming changes * WIP * WIP: added cookie name * telemetry update * fixes * telemetry eventTypes fix * tmp jitsu config for testing * tmp jitsu key update (for tests) * deploy commit * cookieName fixes * telemetry credentials update * NextCollect updated to latest canary; added TELEMETRY_KEY to config * TELEMETRY_KEY fix removed browser_user_agent field from event * removed _middleware.ts for test deploy * _middleware.ts restored * next-collect version bump * yarn.lock fix * Added license consent property, set default telemetry endpoint * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Updated to latest version of next-collect * - Updated to latest version of next-collect - Few improvements in event collection: isTeamBooking for all events, page_url for all events - Do not send second page event on re-render of /team/[slug] * Revert booking confirmed tracking * Applied prettier + fix lint Co-authored-by: Art Sk <kirsan007@gmail.com> 2022-06-02 16:19:01 +00:00			`import { collectEvents } from "next-collect/server";`
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`// eslint-disable-next-line @next/next/no-server-import-in-page`
DDOS mitigation updates 2022-08-16 19:50:09 +00:00			`import { NextMiddleware, NextResponse, userAgent } from "next/server";`
Telemetry improvements (#2935) * next-collect initial setup * naming changes * WIP * WIP: added cookie name * telemetry update * fixes * telemetry eventTypes fix * tmp jitsu config for testing * tmp jitsu key update (for tests) * deploy commit * cookieName fixes * telemetry credentials update * NextCollect updated to latest canary; added TELEMETRY_KEY to config * TELEMETRY_KEY fix removed browser_user_agent field from event * removed _middleware.ts for test deploy * _middleware.ts restored * next-collect version bump * yarn.lock fix * Added license consent property, set default telemetry endpoint * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Updated to latest version of next-collect * - Updated to latest version of next-collect - Few improvements in event collection: isTeamBooking for all events, page_url for all events - Do not send second page event on re-render of /team/[slug] * Revert booking confirmed tracking * Applied prettier + fix lint Co-authored-by: Art Sk <kirsan007@gmail.com> 2022-06-02 16:19:01 +00:00
Refactors EE code (#3490) * WIP * WIP * Type and migration fixes * Adds missing default import * Fixes import * Fixes tRPC imports in App Store * Migrate stripe helpers * WIP * Type fixes * Type fix? * WIP * WIP * Update index.ts * Fixes * Update workflow.tsx * Moved queries to lib * Moves QueryCell * Migrates MultiSelectCheckboxes * WIP * CryptoSection type fixes * WIP * Import fixes * Build fixes * Update app-providers.tsx * Build fixes * Upgrades hookform zod resolvers * Build fixes * Cleanup * Build fixes * Relocates QueryCell to ui * Moved List and SkeletonLoader * Revert QueryCell migration * Can't use QueryCell here * oops * CryptoSection cleanup * Update app-providers.tsx * Moved ee to features * ee to features/ee * Removes @calcom/ee * Adds possible feature locations * Build fixes * Migrates stripe to app-store lib * Colocates stripe imports * Update subscription.ts * Submodule sync Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-07-28 19:58:26 +00:00			`import { extendEventData, nextCollectBasicSettings } from "@calcom/lib/telemetry";`
Telemetry improvements (#2935) * next-collect initial setup * naming changes * WIP * WIP: added cookie name * telemetry update * fixes * telemetry eventTypes fix * tmp jitsu config for testing * tmp jitsu key update (for tests) * deploy commit * cookieName fixes * telemetry credentials update * NextCollect updated to latest canary; added TELEMETRY_KEY to config * TELEMETRY_KEY fix removed browser_user_agent field from event * removed _middleware.ts for test deploy * _middleware.ts restored * next-collect version bump * yarn.lock fix * Added license consent property, set default telemetry endpoint * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Updated to latest version of next-collect * - Updated to latest version of next-collect - Few improvements in event collection: isTeamBooking for all events, page_url for all events - Do not send second page event on re-render of /team/[slug] * Revert booking confirmed tracking * Applied prettier + fix lint Co-authored-by: Art Sk <kirsan007@gmail.com> 2022-06-02 16:19:01 +00:00
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`const V2_WHITELIST = ["/settings/admin"];`

			`const middleware: NextMiddleware = async (req) => {`
			`const url = req.nextUrl;`

DDOS mitigation updates 2022-08-16 19:50:09 +00:00			`if (url.pathname.startsWith("/api/auth")) {`
Avoid DDOS (#3871) 2022-08-16 17:15:13 +00:00			`const callbackUrl = url.searchParams.get("callbackUrl");`
DDOS mitigation updates 2022-08-16 19:50:09 +00:00			`const { isBot } = userAgent(req);`
			`if (isBot \|\| (callbackUrl && !callbackUrl.startsWith("https://") && !callbackUrl.startsWith("http://"))) {`
Avoid DDOS (#3871) 2022-08-16 17:15:13 +00:00			`// DDOS Prevention: Immediately end request with no response - Avoids a redirect as well initiated by NextAuth on invalid callback`
DDOS mitigation updates 2022-08-16 19:50:09 +00:00			`const res = new NextResponse("hey", { status: 400, statusText: "Please don't" });`
			`return res;`
Avoid DDOS (#3871) 2022-08-16 17:15:13 +00:00			`}`
			`}`
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`/** Display available V2 pages to users who opted-in to early access */`
			`if (req.cookies.has("calcom-v2-early-access") && V2_WHITELIST.some((p) => url.pathname.startsWith(p))) {`
			`// rewrite to the current subdomain under the pages/sites folder`
			url.pathname = `/v2${url.pathname}`;
			`}`

			`return NextResponse.rewrite(url);`
			`};`

Telemetry improvements (#2935) * next-collect initial setup * naming changes * WIP * WIP: added cookie name * telemetry update * fixes * telemetry eventTypes fix * tmp jitsu config for testing * tmp jitsu key update (for tests) * deploy commit * cookieName fixes * telemetry credentials update * NextCollect updated to latest canary; added TELEMETRY_KEY to config * TELEMETRY_KEY fix removed browser_user_agent field from event * removed _middleware.ts for test deploy * _middleware.ts restored * next-collect version bump * yarn.lock fix * Added license consent property, set default telemetry endpoint * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Updated to latest version of next-collect * - Updated to latest version of next-collect - Few improvements in event collection: isTeamBooking for all events, page_url for all events - Do not send second page event on re-render of /team/[slug] * Revert booking confirmed tracking * Applied prettier + fix lint Co-authored-by: Art Sk <kirsan007@gmail.com> 2022-06-02 16:19:01 +00:00			`export default collectEvents({`
Adds middleware to get V2 early access (#3617) Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> 2022-08-09 09:21:15 +00:00			`middleware,`
Telemetry improvements (#2935) * next-collect initial setup * naming changes * WIP * WIP: added cookie name * telemetry update * fixes * telemetry eventTypes fix * tmp jitsu config for testing * tmp jitsu key update (for tests) * deploy commit * cookieName fixes * telemetry credentials update * NextCollect updated to latest canary; added TELEMETRY_KEY to config * TELEMETRY_KEY fix removed browser_user_agent field from event * removed _middleware.ts for test deploy * _middleware.ts restored * next-collect version bump * yarn.lock fix * Added license consent property, set default telemetry endpoint * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Switched to stable version of next-collect; restored LicenseProvider accidentally deleted during merge * Updated to latest version of next-collect * - Updated to latest version of next-collect - Few improvements in event collection: isTeamBooking for all events, page_url for all events - Do not send second page event on re-render of /team/[slug] * Revert booking confirmed tracking * Applied prettier + fix lint Co-authored-by: Art Sk <kirsan007@gmail.com> 2022-06-02 16:19:01 +00:00			`...nextCollectBasicSettings,`
			`cookieName: "__clnds",`
			`extend: extendEventData,`
			`});`