Bjarne Fyrstenborg
07/04/2024, 7:14 AMKaspar Boel Kjeldsen
07/04/2024, 8:17 AMcsharp
private readonly RequestDelegate _next;
private readonly string? redirectPath;
private readonly string? secret;
public PreviewHijackingMiddleware(IConfiguration configuration, RequestDelegate next)
{
redirectPath = configuration.GetValue<string>("App:Url");
secret = configuration.GetValue<string>("App:Secret");
_next = next;
}
public PreviewHijackingMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
if (context.Request.Path.StartsWithSegments(new PathString("/umbraco/preview")))
{
// Add authorization header
context.Response.Headers.Append("cms-preview-secret", secret);
// Optionally, add a header to communicate the original path, if needed elsewhere
context.Response.Headers.Append("Redirect", context.Request.Path.Value);
// Perform the redirection
if(context.Request.Path.Value!.EndsWith("/end"))
context.Response.Redirect($"{redirectPath}/api/endpreview", permanent: false);
else context.Response.Redirect($"{redirectPath}/api/preview", permanent: false);
return; // Ensure no further processing if redirecting
}
// Proceed with next middleware in the pipeline if no condition matched
await _next(context);
}
Kaspar Boel Kjeldsen
07/04/2024, 8:18 AMjs
import { type NextRequest } from "next/server";
import { cookies } from "next/headers";
export async function GET(request: NextRequest) {
const authKey = process.env.CMS_PREVIEW_APIKEY;
const authHeader = request.headers.get("cms-preview-secret");
if (authHeader !== authKey) {
return Response.error();
}
let redirect = request.headers.get("Redirect");
// redirect should contain /umbraco/preview/{some integer id}
const cookieStore = cookies();
cookieStore.set("isPreview", "true");
// todo - magic here to convert /umbraco/preview/id to actual path
// we need an api in umbraco because it's too crazy to do in middleware...
// for now we just redirect to frontpage
redirect = "/";
return Response.redirect(`${process.env.APP_URL}${redirect}`);
}
Don't know if you're looking for something like that ?Bjarne Fyrstenborg
07/11/2024, 7:58 AMhuwred
07/11/2024, 9:08 AMBjarne Fyrstenborg
07/17/2024, 3:10 PMhuwred
07/17/2024, 4:06 PM