Mannu
b6814579c6
- Wrap next.config.ts with @serwist/next (webpack mode, disabled in dev) - Service worker: NetworkOnly for /api/*, offline fallback → /~offline - Web app manifest via Next.js metadata API (app/manifest.ts) - PNG icon set generated with sharp (192, 512, maskable-512, apple-180) - iOS meta tags: appleWebApp, themeColor viewport export - Middleware: pwaAssets early-return so /sw.js never gets a 302→login - Offline fallback page at /~offline (static, no auth dependency) - InstallPrompt component: beforeinstallprompt (Android) + iOS Share sheet instructions - Logout (menu/page.tsx): purge all SW caches on signout (shared-device safety) - Fix invite/[token]/page.tsx params type for Next.js 16 (use(params)) - Build script: next build --webpack (Serwist requires webpack, not Turbopack) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
97 lines
2.3 KiB
TypeScript
97 lines
2.3 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import type { NextRequest } from "next/server";
|
|
|
|
// PWA static assets — must bypass auth entirely.
|
|
// If the SW or manifest gets a 302→login, the browser registers the login
|
|
// page as the service worker, which breaks auth for the entire PWA session.
|
|
const pwaAssets = [
|
|
"/sw.js",
|
|
"/sw.js.map",
|
|
"/manifest.webmanifest",
|
|
"/~offline",
|
|
"/icons/",
|
|
"/serwist-",
|
|
];
|
|
|
|
// Public routes that don't require authentication
|
|
const publicRoutes = [
|
|
"/",
|
|
"/pricing",
|
|
"/privacy",
|
|
"/terms",
|
|
"/login",
|
|
"/admin-login",
|
|
"/m",
|
|
"/invite",
|
|
"/verify",
|
|
"/api/auth/signin",
|
|
"/api/admin/auth",
|
|
"/api/onboarding",
|
|
"/api/profile",
|
|
];
|
|
|
|
// Protected API routes that need authentication
|
|
const protectedApiRoutes = [
|
|
"/api/children",
|
|
"/api/logs",
|
|
"/api/growth",
|
|
"/api/vaccinations",
|
|
"/api/medicines",
|
|
"/api/allergies",
|
|
"/api/illnesses",
|
|
"/api/visits",
|
|
"/api/family",
|
|
"/api/families",
|
|
"/api/invites",
|
|
"/api/notifications",
|
|
"/api/upload",
|
|
"/api/chat",
|
|
"/api/history",
|
|
"/api/family/members",
|
|
];
|
|
|
|
export function middleware(request: NextRequest) {
|
|
const { pathname } = request.nextUrl;
|
|
|
|
// Always pass PWA assets through — never redirect to login
|
|
for (const asset of pwaAssets) {
|
|
if (pathname === asset || pathname.startsWith(asset)) {
|
|
return NextResponse.next();
|
|
}
|
|
}
|
|
|
|
// Always allow public routes
|
|
for (const route of publicRoutes) {
|
|
if (pathname === route || pathname.startsWith(route + "/")) {
|
|
return NextResponse.next();
|
|
}
|
|
}
|
|
|
|
// Check session cookie for protected routes
|
|
const sessionToken = request.cookies.get("tia_session")?.value;
|
|
const adminSessionToken = request.cookies.get("tia_admin_session")?.value;
|
|
|
|
// Allow admin routes with admin session
|
|
if (pathname.startsWith("/api/admin") && adminSessionToken) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// For protected API routes, require session
|
|
for (const route of protectedApiRoutes) {
|
|
if (pathname.startsWith(route)) {
|
|
if (!sessionToken && !adminSessionToken) {
|
|
return NextResponse.json({ error: "Authentication required" }, { status: 401 });
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: [
|
|
"/api/:path*",
|
|
"/((?!_next/static|_next/image|favicon.ico).*)",
|
|
],
|
|
};
|