Simplify Middleware file

Clubs-Council-IIITH · Dec 16, 2024 · c672f3d · c672f3d
1 parent 9589e5f
commit c672f3d
Showing 1 changed file with 25 additions and 61 deletions.
diff --git a/src/middleware.js b/src/middleware.js
@@ -5,15 +5,26 @@ import { jwtDecode as jwt_decode } from "jwt-decode";
 import routes from "acl/routes";
 import clubRedirects from "acl/clubRedirects";
 
+const redirect = (url, contentSecurityPolicyHeaderValue) => {
+  const redirectRes = NextResponse.redirect(url);
+  redirectRes.headers.set(
+    "Content-Security-Policy",
+    contentSecurityPolicyHeaderValue
+  );
+  redirectRes.headers.set("X-Content-Type-Options", "nosniff");
+  redirectRes.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
+  return redirectRes;
+};
+
 // TODO: make multiple middlewares (one for route acl, one for club redirects) and combine them
 export function middleware(req) {
   const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
   const { pathname } = req.nextUrl;
   const cspHeader = `
     default-src 'none';
     script-src 'self' 'nonce-${nonce}' 'strict-dynamic' https: http: 'unsafe-inline' ${
-      process.env.NODE_ENV === "production" ? "" : `'unsafe-eval'`
-    };
+    process.env.NODE_ENV === "production" ? "" : `'unsafe-eval'`
+  };
     manifest-src 'self';
     style-src 'self' 'nonce-${nonce}';
     style-src-attr 'self' 'unsafe-inline';
@@ -42,7 +53,7 @@ export function middleware(req) {
   requestHeaders.set("x-nonce", nonce);
   requestHeaders.set(
     "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
+    contentSecurityPolicyHeaderValue
   );
   requestHeaders.set("X-Content-Type-Options", "nosniff");
   requestHeaders.set("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -54,7 +65,7 @@ export function middleware(req) {
   });
   response.headers.set(
     "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
+    contentSecurityPolicyHeaderValue
   );
   response.headers.set("X-Content-Type-Options", "nosniff");
   response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -63,36 +74,18 @@ export function middleware(req) {
   if (req.cookies.has("logout")) {
     // clear logout cookie
     req.cookies.delete("logout");
-    const redirectRes = NextResponse.redirect(
+    return redirect(
       new URL("/logoutCallback", req.url),
+      contentSecurityPolicyHeaderValue
     );
-    redirectRes.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
-    redirectRes.headers.set("X-Content-Type-Options", "nosniff");
-    redirectRes.headers.set(
-      "Referrer-Policy",
-      "strict-origin-when-cross-origin",
-    );
-    return redirectRes;
   }
 
   // redirect to CC about page
   if (pathname === "/student-bodies/clubs") {
-    const redirectRes = NextResponse.redirect(
-      new URL("/clubs-council", req.url),
-    );
-    redirectRes.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
+    return redirect(
+      new URL("/student-bodies/clubs-council", req.url),
+      contentSecurityPolicyHeaderValue
     );
-    redirectRes.headers.set("X-Content-Type-Options", "nosniff");
-    redirectRes.headers.set(
-      "Referrer-Policy",
-      "strict-origin-when-cross-origin",
-    );
-    return redirectRes;
   }
 
   // check if current route is protected
@@ -106,19 +99,10 @@ export function middleware(req) {
 
   // if protected and current user is not logged in, redirect to login page
   if (!req.cookies.has("Authorization")) {
-    const redirectRes = NextResponse.redirect(
+    return redirect(
       new URL(`/login${pathname}`, req.url),
+      contentSecurityPolicyHeaderValue
     );
-    redirectRes.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
-    redirectRes.headers.set("X-Content-Type-Options", "nosniff");
-    redirectRes.headers.set(
-      "Referrer-Policy",
-      "strict-origin-when-cross-origin",
-    );
-    return redirectRes;
   }
 
   // if logged in, extract user attributes
@@ -131,35 +115,15 @@ export function middleware(req) {
 
   // club account specific redirects
   if (clubRedirectRoute && user?.role === "club") {
-    const redirectRes = NextResponse.redirect(
+    return redirect(
       new URL(clubRedirects[pathname], req.url),
+      contentSecurityPolicyHeaderValue
     );
-    redirectRes.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
-    redirectRes.headers.set("X-Content-Type-Options", "nosniff");
-    redirectRes.headers.set(
-      "Referrer-Policy",
-      "strict-origin-when-cross-origin",
-    );
-    return redirectRes;
   }
 
   // check if user has access to route
   if (!routes[protectedRoute].includes(user?.role)) {
-    // redirect to home page if user does not have access
-    const redirectRes = NextResponse.redirect(new URL("/", req.url));
-    redirectRes.headers.set(
-      "Content-Security-Policy",
-      contentSecurityPolicyHeaderValue,
-    );
-    redirectRes.headers.set("X-Content-Type-Options", "nosniff");
-    redirectRes.headers.set(
-      "Referrer-Policy",
-      "strict-origin-when-cross-origin",
-    );
-    return redirectRes;
+    return redirect(new URL("/", req.url), contentSecurityPolicyHeaderValue);
   }
 
   // continue to page