Use matcher to protect /api/invite

BlueBrain · Apr 11, 2024 · 888ffdd · 888ffdd
1 parent 9fc4a86
commit 888ffdd
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/src/app/api/invite/route.ts b/src/app/api/invite/route.ts
@@ -1,6 +1,5 @@
 import { getServerSession } from 'next-auth/next';
 import { NextRequest, NextResponse } from 'next/server';
-import nextAuthMiddleware, { NextRequestWithAuth } from 'next-auth/middleware';
 import { captureException } from '@sentry/nextjs';
 import { Session } from 'next-auth';
 import { authOptions } from '@/auth';
@@ -9,10 +8,7 @@ import { VlmError, isVlmError } from '@/types/virtual-lab/common';
 
 export async function GET(req: NextRequest): Promise<any> {
   const session = await getServerSession(authOptions);
-  if (!session) {
-    return nextAuthMiddleware(req as NextRequestWithAuth);
-  }
-  if (!session.accessToken) {
+  if (!session?.accessToken) {
     return NextResponse.redirect(new URL(getErrorUrl(null, session, null), req.url));
   }
 
@@ -21,7 +17,7 @@ export async function GET(req: NextRequest): Promise<any> {
     return NextResponse.redirect(new URL(getErrorUrl(null, session, inviteToken ?? null), req.url));
   }
 
-  const response = await processInvite(session.accessToken, inviteToken);
+  const response = await processInvite(session?.accessToken, inviteToken);
   if (!isVlmInviteResponse(response)) {
     const url = getErrorUrl(response, session, inviteToken);
     return NextResponse.redirect(new URL(url, req.url));

diff --git a/src/middleware.ts b/src/middleware.ts
@@ -32,6 +32,7 @@ export const config = {
   matcher: [
     '/',
     '/main',
+    '/api/invite',
     '/(build|simulate|simulations|main|explore|experiment-designer|svc|virtual-lab)/(.*)',
   ],
 };