feat(vpn): intégration Tailscale/Headscale + URLs publiques par sous-domaine
- Ajout d'un conteneur Tailscale côté serveur pour joindre les agents via IPs Tailscale - Configuration Headscale exposé en HTTPS via Caddy (headscale.alfrednobel.edudeploy.com) - Caddy configuré pour les sous-domaines avec TLS on-demand - Middleware et route proxy Next.js pour router les sous-domaines vers les agents - Ajout du champ domain sur Establishment et affichage de l'URL publique dans le dashboard - Agent Windows v0.2.3 avec proxy Tailscale par instance pour contourner Docker Desktop - Templates WordPress/PrestaShop bindés sur 0.0.0.0 pour être accessibles via Tailscale
+19
-26
@@ -1,35 +1,28 @@
|
||||
import { withAuth } from "next-auth/middleware";
|
||||
import { NextResponse } from "next/server";
|
||||
import type { NextRequest } from "next/server";
|
||||
|
||||
export default withAuth(
|
||||
function middleware(req) {
|
||||
const { pathname } = req.nextUrl;
|
||||
const role = req.nextauth.token?.role as string;
|
||||
const MAIN_DOMAIN = process.env.MAIN_DOMAIN || "alfrednobel.edudeploy.com";
|
||||
|
||||
if (pathname.startsWith("/superadmin")) {
|
||||
if (role !== "superadmin") {
|
||||
return NextResponse.redirect(new URL("/dashboard", req.url));
|
||||
}
|
||||
}
|
||||
|
||||
if (pathname.startsWith("/dashboard")) {
|
||||
if (!role || (role !== "admin" && role !== "teacher" && role !== "superadmin")) {
|
||||
return NextResponse.redirect(new URL("/login", req.url));
|
||||
}
|
||||
}
|
||||
export function middleware(req: NextRequest) {
|
||||
const host = req.headers.get("host") || "";
|
||||
const cleanHost = host.split(":")[0];
|
||||
|
||||
if (cleanHost === MAIN_DOMAIN || cleanHost === `www.${MAIN_DOMAIN}`) {
|
||||
return NextResponse.next();
|
||||
},
|
||||
{
|
||||
callbacks: {
|
||||
authorized({ req, token }) {
|
||||
if (req.nextUrl.pathname.startsWith("/login")) return true;
|
||||
return !!token;
|
||||
},
|
||||
},
|
||||
}
|
||||
);
|
||||
|
||||
if (!cleanHost.endsWith(`.${MAIN_DOMAIN}`)) {
|
||||
return NextResponse.next();
|
||||
}
|
||||
|
||||
const pathname = req.nextUrl.pathname;
|
||||
const search = req.nextUrl.search;
|
||||
|
||||
// Rewrite to the internal proxy API while preserving the original host header
|
||||
const rewriteUrl = new URL(`/api/proxy${pathname}${search}`, req.url);
|
||||
return NextResponse.rewrite(rewriteUrl);
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: ["/dashboard/:path*", "/superadmin/:path*", "/api/protected/:path*"],
|
||||
matcher: ["/((?!api/proxy|_next|static|favicon.ico|.*\\.).*)"],
|
||||
};
|
||||
|
||||
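Review bot: The new `middleware` performs no authentication or role check: on the main domain it returns `NextResponse.next()` unconditionally, and the `withAuth` wrapper with its `/superadmin` and `/dashboard` role tests appears to be on the removed side of this hunk (sides are inferred from the +19/-26 counts and the `@@ -1,35 +1,28 @@` header, since the markers are lost on this page). Unless every page and handler under `/dashboard`, `/superadmin` and `/api/protected` verifies the session itself, which is not visible here, those routes are served without a token after this change. The host routing can live inside `withAuth` instead, with `authorized` requiring a token only for the protected prefixes on non-tenant hosts and the role checks kept ahead of the final `NextResponse.next()`, as sketched below. Separately, the `.*\\.` exclusion in the new `matcher` means a tenant request whose path contains a dot (a `.php` URL, for example) skips the middleware and is never rewritten to `/api/proxy`.

```typescript
const PROTECTED_PREFIXES = ["/dashboard", "/superadmin", "/api/protected"];

// Tenant sites are any subdomain of MAIN_DOMAIN other than www.
const isTenantHost = (host: string) =>
  host !== `www.${MAIN_DOMAIN}` && host.endsWith(`.${MAIN_DOMAIN}`);

const hostOf = (req: NextRequest) => (req.headers.get("host") || "").split(":")[0];

export default withAuth(
  function middleware(req) {
    if (isTenantHost(hostOf(req))) {
      // … unchanged: build rewriteUrl and return NextResponse.rewrite(rewriteUrl) …
    }

    // … unchanged from the previous version: /superadmin and /dashboard role checks …
    return NextResponse.next();
  },
  {
    callbacks: {
      authorized({ req, token }) {
        // Tenant traffic stays public; the app's own protected areas need a session.
        if (isTenantHost(hostOf(req))) return true;
        const path = req.nextUrl.pathname;
        const needsSession = PROTECTED_PREFIXES.some((prefix) => path.startsWith(prefix));
        return !needsSession || !!token;
      },
    },
  }
);
```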