Skip to content

Commit

Permalink
feat: setup middleware with csrf protection
Browse files Browse the repository at this point in the history
  • Loading branch information
@michaelbrusegard
michaelbrusegard committed Aug 29, 2024
1 parent 282789c commit 36613d4
Showing 1 changed file with 22 additions and 2 deletions.
24 changes: 22 additions & 2 deletions src/middleware.ts
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,28 @@
import { routing } from '@/lib/locale';
import { verifyRequestOrigin } from 'lucia';
import createMiddleware from 'next-intl/middleware';
import { type NextRequest, NextResponse } from 'next/server';

export default createMiddleware(routing);
const handleI18nRouting = createMiddleware(routing);

export async function middleware(request: NextRequest): Promise<NextResponse> {
if (request.method !== 'GET') {
const originHeader = request.headers.get('Origin');
const hostHeader = request.headers.get('Host');
if (
!originHeader ||
!hostHeader ||
!verifyRequestOrigin(originHeader, [hostHeader])
) {
return new NextResponse(null, {
status: 403,
});
}
}

return handleI18nRouting(request);
}

export const config = {
matcher: ['/', '/(en|no)/:path*', '/((?!api|_next|.*\\..*).*)'],
matcher: ['/', '/(en|no)/:path*'],
};

0 comments on commit 36613d4

Please sign in to comment.