forked from deepgram-starters/nextjs-live-transcription
-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add in cors for the API auth route
- Loading branch information
1 parent
fa50b57
commit 8056fbf
Showing
1 changed file
with
77 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| import { NextResponse, type NextRequest } from "next/server"; | ||
|
|
||
| const corsOptions: { | ||
| allowedMethods: string[]; | ||
| allowedOrigins: string[]; | ||
| allowedHeaders: string[]; | ||
| exposedHeaders: string[]; | ||
| maxAge?: number; | ||
| credentials: boolean; | ||
| } = { | ||
| allowedMethods: (process.env?.ALLOWED_METHODS || "").split(","), | ||
| allowedOrigins: (process.env?.ALLOWED_ORIGIN || "").split(","), | ||
| allowedHeaders: (process.env?.ALLOWED_HEADERS || "").split(","), | ||
| exposedHeaders: (process.env?.EXPOSED_HEADERS || "").split(","), | ||
| maxAge: | ||
| (process.env?.PREFLIGHT_MAX_AGE && | ||
| parseInt(process.env?.PREFLIGHT_MAX_AGE)) || | ||
| undefined, // 60 * 60 * 24 * 30, // 30 days | ||
| credentials: process.env?.CREDENTIALS == "true", | ||
| }; | ||
|
|
||
| /** | ||
| * Middleware function that handles CORS configuration for API routes. | ||
| * | ||
| * This middleware function is responsible for setting the appropriate CORS headers | ||
| * on the response, based on the configured CORS options. It checks the origin of | ||
| * the request and sets the `Access-Control-Allow-Origin` header accordingly. It | ||
| * also sets the other CORS-related headers, such as `Access-Control-Allow-Credentials`, | ||
| * `Access-Control-Allow-Methods`, `Access-Control-Allow-Headers`, and | ||
| * `Access-Control-Expose-Headers`. | ||
| * | ||
| * The middleware function is configured to be applied to all API routes, as defined | ||
| * by the `config` object at the end of the file. | ||
| */ | ||
| export function middleware(request: NextRequest) { | ||
| // Response | ||
| const response = NextResponse.next(); | ||
|
|
||
| // Allowed origins check | ||
| const origin = request.headers.get("origin") ?? ""; | ||
| if ( | ||
| corsOptions.allowedOrigins.includes("*") || | ||
| corsOptions.allowedOrigins.includes(origin) | ||
| ) { | ||
| response.headers.set("Access-Control-Allow-Origin", origin); | ||
| } | ||
|
|
||
| // Set default CORS headers | ||
| response.headers.set( | ||
| "Access-Control-Allow-Credentials", | ||
| corsOptions.credentials.toString() | ||
| ); | ||
| response.headers.set( | ||
| "Access-Control-Allow-Methods", | ||
| corsOptions.allowedMethods.join(",") | ||
| ); | ||
| response.headers.set( | ||
| "Access-Control-Allow-Headers", | ||
| corsOptions.allowedHeaders.join(",") | ||
| ); | ||
| response.headers.set( | ||
| "Access-Control-Expose-Headers", | ||
| corsOptions.exposedHeaders.join(",") | ||
| ); | ||
| response.headers.set( | ||
| "Access-Control-Max-Age", | ||
| corsOptions.maxAge?.toString() ?? "" | ||
| ); | ||
|
|
||
| // Return | ||
| return response; | ||
| } | ||
|
|
||
| // See "Matching Paths" below to learn more | ||
| export const config = { | ||
| matcher: "/api/:path*", | ||
| }; |