From 929fe338832a7fdf50903490151f488902731bea Mon Sep 17 00:00:00 2001
From: EasySouls <93796810+EasySouls@users.noreply.github.com>
Date: Fri, 21 Feb 2025 10:22:32 +0000
Subject: [PATCH 1/3] Fix anyone can access /profile-picture-check and /role
---
 apps/frontend/src/middleware.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/apps/frontend/src/middleware.ts b/apps/frontend/src/middleware.ts
index 10dcd4f0..ef8127b9 100644
--- a/apps/frontend/src/middleware.ts
+++ b/apps/frontend/src/middleware.ts
@@ -17,7 +17,10 @@ export function middleware(request: NextRequest) {
 }
 }
- if (request.nextUrl.pathname.startsWith('/periods')) {
+ if (request.nextUrl.pathname.startsWith('/periods') ||
+ request.nextUrl.pathname.startsWith('/roles') ||
+ request.nextUrl.pathname.startsWith('/profile-picture-check'))
+ {
 if (role === 'BODY_MEMBER' || role === 'BODY_ADMIN' || role === 'SUPERUSER') {
 return NextResponse.next();
 }
@@ -27,5 +30,5 @@ export function middleware(request: NextRequest) {
 return NextResponse.next();
 }
 export const config = {
- matcher: ['/profile', '/application-form', '/periods', '/applications', '/periods/:path*'],
+ matcher: ['/profile', '/application-form', '/periods', '/applications', '/periods/:path*', '/profile', 'profile-picture-check', '/roles'],
 };
From 18a364817bf60cc6f6f25de14f5a398baa9814d9 Mon Sep 17 00:00:00 2001
From: EasySouls <93796810+EasySouls@users.noreply.github.com>
Date: Fri, 21 Feb 2025 10:28:03 +0000
Subject: [PATCH 2/3] fix typo
---
 apps/frontend/src/middleware.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/frontend/src/middleware.ts b/apps/frontend/src/middleware.ts
index ef8127b9..24bc3d8d 100644
--- a/apps/frontend/src/middleware.ts
+++ b/apps/frontend/src/middleware.ts
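Review bot: In the `@@ -17,7 +17,10 @@` hunk of patch 1/3, the widened condition is a page-navigation gate only, so the data behind `/roles` and `/profile-picture-check` still needs the same BODY_MEMBER / BODY_ADMIN / SUPERUSER check on the backend endpoints those pages call. How `role` is obtained is outside the hunk; it is worth confirming that it comes from a verified token rather than from a value the client can set. I would add a comment above the condition, `// UI gate only: the API must enforce these roles as well`, and read the prefixes from one list, `const restricted = ['/periods', '/roles', '/profile-picture-check'];` with `restricted.some((p) => pathname.startsWith(p))`, so that protecting another route is a one-line change. The body of `middleware` starts and ends outside this hunk.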
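Review bot: In the `@@ -27,5 +30,5 @@` hunk of patch 1/3, the new matcher entries are exact paths, so the middleware would presumably not run for anything nested under `/roles` or `/profile-picture-check`, although the `startsWith` checks in the previous hunk are written as if it did. `/periods` already carries a companion `'/periods/:path*'` entry; if nested routes exist or are planned, add `'/roles/:path*'` and `'/profile-picture-check/:path*'` in the same way. The matcher lines in patches 2/3 and 3/3 keep the same gap. A comment on the array such as `// keep in sync with the prefix checks in middleware()` would make the coupling visible to the next editor.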
@@ -30,5 +30,5 @@ export function middleware(request: NextRequest) {
 return NextResponse.next();
 }
 export const config = {
- matcher: ['/profile', '/application-form', '/periods', '/applications', '/periods/:path*', '/profile', 'profile-picture-check', '/roles'],
+ matcher: ['/profile', '/application-form', '/periods', '/applications', '/periods/:path*', '/profile-picture-check', '/roles'],
 };
From c9fcaa92b6b85c7c98346f29b4c6d0910bead5f6 Mon Sep 17 00:00:00 2001
From: mozsarmate
Date: Sat, 22 Feb 2025 18:09:45 +0100
Subject: [PATCH 3/3] prettier -w
---
 apps/frontend/src/middleware.ts | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/apps/frontend/src/middleware.ts b/apps/frontend/src/middleware.ts
index 24bc3d8d..7dda2e30 100644
--- a/apps/frontend/src/middleware.ts
+++ b/apps/frontend/src/middleware.ts
@@ -17,10 +17,11 @@ export function middleware(request: NextRequest) {
 }
 }
- if (request.nextUrl.pathname.startsWith('/periods') ||
- request.nextUrl.pathname.startsWith('/roles') ||
- request.nextUrl.pathname.startsWith('/profile-picture-check'))
- {
+ if (
+ request.nextUrl.pathname.startsWith('/periods') ||
+ request.nextUrl.pathname.startsWith('/roles') ||
+ request.nextUrl.pathname.startsWith('/profile-picture-check')
+ ) {
 if (role === 'BODY_MEMBER' || role === 'BODY_ADMIN' || role === 'SUPERUSER') {
 return NextResponse.next();
 }
@@ -30,5 +31,13 @@ export function middleware(request: NextRequest) {
 return NextResponse.next();
 }
 export const config = {
- matcher: ['/profile', '/application-form', '/periods', '/applications', '/periods/:path*', '/profile-picture-check', '/roles'],
+ matcher: [
+ '/profile',
+ '/application-form',
+ '/periods',
+ '/applications',
+ '/periods/:path*',
+ '/profile-picture-check',
+ '/roles',
+ ],
 };