import { collectEvents } from "next-collect/server";
import { NextMiddleware, NextResponse, userAgent } from "next/server";
import { CONSOLE_URL, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
import { isIpInBanlist } from "@calcom/lib/getIP";
import { extendEventData, nextCollectBasicSettings } from "@calcom/lib/telemetry";
/**
 * Path prefixes whose pages are served from the `/v2` tree.
 *
 * The middleware compares these with `url.pathname.startsWith(...)`, so every entry is a raw string
 * prefix rather than a path segment: "/teams" also covers any pathname that merely begins with those
 * characters. The list only selects which page tree is rendered by the rewrite.
 */
const V2_WHITELIST = [
  // Settings
  "/settings/admin",
  "/settings/developer/webhooks",
  "/settings/developer/api-keys",
  "/settings/my-account",
  "/settings/security",
  "/settings/teams",
  // Main application pages
  "/availability",
  "/bookings",
  "/event-types",
  "/workflows",
  "/apps",
  "/teams",
  "/success",
  // Authentication
  "/auth/login",
];
// Path prefixes excluded from the V2 rewrite even when a V2_WHITELIST prefix (such as "/apps") matches.
// These are pages whose V1 versions are being modified as V2.
const V2_BLACKLIST = [
  "/apps/routing_forms/",
  "/apps/typeform/",
];
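/**
 * Reports whether `callbackUrl` is an absolute URL hosted on one of the trusted base URLs.
 *
 * A bare string-prefix comparison also accepts look-alike hosts, because a URL can begin with a trusted
 * base and still resolve to a different host (extra host labels or a userinfo part after the prefix).
 * The prefix comparison is kept, so a base that carries a path still restricts the path, and the parsed
 * origin has to match as well.
 *
 * @param callbackUrl - Raw `callbackUrl` query parameter; caller-controlled.
 * @param trustedBases - Base URLs the callback is allowed to point at.
 * @returns `true` only when the value parses as a URL and shares both prefix and origin with a base.
 */
const isTrustedCallbackUrl = (callbackUrl: string, trustedBases: readonly string[]): boolean => {
  let target: URL;
  try {
    target = new URL(callbackUrl);
  } catch {
    // Relative or malformed values cannot be tied to an origin, so they are rejected.
    return false;
  }
  return trustedBases.some((base) => {
    if (!callbackUrl.startsWith(base)) return false;
    try {
      const baseOrigin = new URL(base).origin;
      // "null" is the origin of opaque schemes; two of those must not count as a match.
      return baseOrigin !== "null" && baseOrigin === target.origin;
    } catch {
      // An empty or unparseable base cannot vouch for any origin: fail closed.
      return false;
    }
  });
};

/**
 * Application middleware.
 *
 * 1. For `/api/collect-events` and `/api/auth` paths, redirects the request to `/api/nope` when the
 *    client looks like a bot, carries a `callbackUrl` outside the trusted base URLs, or
 *    `isIpInBanlist(req)` is truthy.
 * 2. Rewrites pathnames matched by V2_WHITELIST (and not by V2_BLACKLIST) to their `/v2` counterpart.
 * 3. Otherwise lets the request continue unchanged.
 */
const middleware: NextMiddleware = async (req) => {
  const url = req.nextUrl;

  const isGuardedApiRoute = ["/api/collect-events", "/api/auth"].some((p) => url.pathname.startsWith(p));
  if (isGuardedApiRoute) {
    const callbackUrl = url.searchParams.get("callbackUrl");
    // Derived from the User-Agent header, which the client controls: a noise filter, not an access control.
    const { isBot } = userAgent(req);

    // A missing or empty callbackUrl is not treated as a violation.
    const hasUntrustedCallback =
      !!callbackUrl && !isTrustedCallbackUrl(callbackUrl, [CONSOLE_URL, WEBAPP_URL, WEBSITE_URL]);

    if (isBot || hasUntrustedCallback || isIpInBanlist(req)) {
      // DDOS Prevention: reject before NextAuth handles the request, which also avoids the redirect
      // NextAuth initiates on an invalid callback. The client is redirected to /api/nope; only the
      // pathname is replaced, so the original query string travels with the redirect.
      req.nextUrl.pathname = "/api/nope";
      return NextResponse.redirect(req.nextUrl);
    }
    // NOTE(review): this is a pre-filter only; whatever consumes callbackUrl afterwards must still
    // validate it on its own.
  }

  /** Display available V2 pages */
  const isExcludedFromV2 = V2_BLACKLIST.some((p) => url.pathname.startsWith(p));
  if (!isExcludedFromV2 && V2_WHITELIST.some((p) => url.pathname.startsWith(p))) {
    // Serve the page from the /v2 tree.
    url.pathname = `/v2${url.pathname}`;
    return NextResponse.rewrite(url);
  }

  return NextResponse.next();
};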
// Wraps the middleware with next-collect's event collection.
// Key order matters: `nextCollectBasicSettings` is spread after `middleware`, and the keys
// listed below the spread (`cookieName`, `extend`) replace any same-named keys it provides.
export default collectEvents({
  middleware,
  ...nextCollectBasicSettings,
  cookieName: "__clnds",
  extend: extendEventData,
});