feat: login page, session management, auth API routes en proxy guard
- lib/session.ts: token generatie, SHA-256 hashing, createSession/getCurrentUser/invalidateSession - app/api/auth/login: bcrypt verificatie, session aanmaken, ops_session cookie (httpOnly, sameSite=strict, 24h TTL), rate-limit 5/min per IP - app/api/auth/logout: session invalideren en cookie verwijderen - app/login/page.tsx: login form (client component) - proxy.ts: route-protectie – redirect naar /login zonder sessie (middleware.ts is deprecated in Next.js 16) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
cce0f25419
commit
be05724de0
5 changed files with 250 additions and 0 deletions
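--- a/proxy.ts
+++ b/proxy.ts
@@ -0,0 +1,23 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+const PUBLIC_PATHS = ['/login']
+
+export default function proxy(request: NextRequest) {
+const { pathname } = request.nextUrl
+const isPublic = PUBLIC_PATHS.some((p) => pathname.startsWith(p))
+const hasSession = request.cookies.has('ops_session')
+
+if (!isPublic && !hasSession) {
+return NextResponse.redirect(new URL('/login', request.url))
+}
+
+if (isPublic && hasSession) {
+return NextResponse.redirect(new URL('/', request.url))
+}
+
+return NextResponse.next()
+}
+
+export const config = {
+matcher: ['/((?!api|_next/static|_next/image|.*\\.(?:png|ico|svg)$).*)'],
+}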
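Review bot: `request.cookies.has('ops_session')` only tests that a cookie with that name is present, so any client-supplied value passes this guard. The proxy therefore cannot be the authorization boundary: every protected page, and every `/api` route (which the matcher excludes entirely), has to validate the token against the session store itself, presumably via the `getCurrentUser` named in the commit message (lib/session.ts is not visible here). A stale or invalidated cookie also takes the `isPublic && hasSession` branch and is redirected away from `/login`, which would likely loop if `/` then rejects the session; deleting the cookie when the lookup fails, or dropping that redirect, avoids it. Separately, `pathname.startsWith(p)` makes every path that merely begins with `/login` public, and `pathname === p || pathname.startsWith(p + '/')` is tighter. I would also add a comment above `hasSession`, e.g. `// presence check only, not authentication; handlers must validate the session server-side`.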