86 lines
2.9 KiB
TypeScript
86 lines
2.9 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { getPocketBaseConfig, SITE_ID } from "@/config/services.config";
|
|
import { getAdminToken } from "@/app/lib/pocketbase/admin";
|
|
import { COOKIE_NAME, COOKIE_MAX_AGE } from "@/app/lib/auth-cookie";
|
|
|
|
async function checkVip(userId: string): Promise<boolean> {
|
|
try {
|
|
const token = await getAdminToken();
|
|
if (!token) return false;
|
|
const pb = getPocketBaseConfig();
|
|
const filter = `user_id = "${userId}" && site_id = "${SITE_ID}"`;
|
|
const res = await fetch(
|
|
`${pb.url}/api/collections/site_vip/records?filter=${encodeURIComponent(filter)}&perPage=1`,
|
|
{ headers: { Authorization: `Bearer ${token}` }, cache: "no-store" }
|
|
);
|
|
if (!res.ok) return false;
|
|
const data = await res.json();
|
|
const items = data?.items ?? [];
|
|
const record = items[0];
|
|
if (!record) return false;
|
|
const now = new Date().toISOString();
|
|
const isExpired = record?.expires_at && record.expires_at < now;
|
|
return !isExpired;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
export async function GET(request: NextRequest) {
|
|
const cookie = request.cookies.get(COOKIE_NAME)?.value;
|
|
if (!cookie) {
|
|
return NextResponse.json({ ok: true, user: null });
|
|
}
|
|
try {
|
|
const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8"));
|
|
const { token, userId, email } = payload;
|
|
if (!token || !userId) return NextResponse.json({ ok: true, user: null });
|
|
|
|
const pb = getPocketBaseConfig();
|
|
const res = await fetch(`${pb.url}/api/collections/${pb.usersCollection}/auth-refresh`, {
|
|
method: "POST",
|
|
headers: { Authorization: `Bearer ${token}` },
|
|
cache: "no-store",
|
|
});
|
|
if (!res.ok) {
|
|
const r = NextResponse.json({ ok: true, user: null });
|
|
r.cookies.set(COOKIE_NAME, "", { path: "/", maxAge: 0 });
|
|
return r;
|
|
}
|
|
const data = await res.json();
|
|
const newToken = data.token;
|
|
const newRecord = data.record;
|
|
if (newToken && newRecord?.id) {
|
|
const newPayload = JSON.stringify({
|
|
token: newToken,
|
|
userId: newRecord.id,
|
|
email: newRecord.email ?? email,
|
|
});
|
|
const encoded = Buffer.from(newPayload, "utf-8").toString("base64url");
|
|
const vip = await checkVip(newRecord.id);
|
|
const r = NextResponse.json({
|
|
ok: true,
|
|
user: { id: newRecord.id, email: newRecord.email ?? email, vip },
|
|
token: newToken,
|
|
});
|
|
r.cookies.set(COOKIE_NAME, encoded, {
|
|
path: "/",
|
|
maxAge: COOKIE_MAX_AGE,
|
|
secure: process.env.NODE_ENV === "production",
|
|
sameSite: "lax",
|
|
httpOnly: true,
|
|
});
|
|
return r;
|
|
}
|
|
const uid = data.record?.id ?? userId;
|
|
const vip = uid ? await checkVip(uid) : false;
|
|
return NextResponse.json({
|
|
ok: true,
|
|
user: { id: uid, email: data.record?.email ?? email, vip },
|
|
token: data.token,
|
|
});
|
|
} catch {
|
|
return NextResponse.json({ ok: true, user: null });
|
|
}
|
|
}
|