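import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

/**
 * Path prefixes that this middleware passes through without any credential check.
 *
 * NOTE(review): nothing in this file authenticates these routes, so each handler
 * behind them must enforce its own authorization where one is needed. Confirm that
 * is the case, in particular for anything under /api/projects/ that mutates data.
 */
const PUBLIC_API_PREFIXES = ['/api/email/', '/api/projects/', '/api/analytics/', '/api/health'];

/** Realm advertised in the Basic-auth challenge. */
const ADMIN_REALM_CHALLENGE = 'Basic realm="Admin Area"';

/**
 * Splits a `user:password` pair on the FIRST colon only.
 *
 * A plain `split(':')` followed by two-element destructuring silently truncates
 * any password that itself contains a colon, so a different (shorter) secret
 * would be compared than the one that was configured.
 *
 * @param pair - Decoded credential string.
 * @returns `[username, password]`, or `null` when there is no colon at all.
 */
function splitCredentials(pair: string): [string, string] | null {
  const separator = pair.indexOf(':');
  if (separator === -1) {
    return null;
  }
  return [pair.slice(0, separator), pair.slice(separator + 1)];
}

/**
 * Compares two strings without exiting at the first differing character.
 *
 * `!==` on strings can return as soon as a mismatch is found, which leaks how much
 * of a guess was correct through response timing. This is best-effort: the
 * JavaScript runtime gives no hard constant-time guarantee.
 *
 * @param left - First string.
 * @param right - Second string.
 * @returns `true` only when both strings are identical.
 */
function timingSafeStringEqual(left: string, right: string): boolean {
  let difference = left.length ^ right.length;
  const length = Math.max(left.length, right.length);
  for (let index = 0; index < length; index++) {
    // charCodeAt past the end yields NaN; `|| 0` normalises it before the XOR.
    difference |= (left.charCodeAt(index) || 0) ^ (right.charCodeAt(index) || 0);
  }
  return difference === 0;
}

/**
 * Builds the 401 response carrying the Basic-auth challenge.
 *
 * @param message - Response body text.
 * @returns A 401 response with a `WWW-Authenticate` header.
 */
function unauthorized(message: string): NextResponse {
  return new NextResponse(message, {
    status: 401,
    headers: {
      'WWW-Authenticate': ADMIN_REALM_CHALLENGE,
    },
  });
}

/**
 * Gates every path starting with `/admin` behind HTTP Basic authentication.
 *
 * The expected credentials come from the `ADMIN_BASIC_AUTH` environment variable
 * in `username:password` form. Requests for the public API prefixes, and for any
 * path that does not start with `/admin`, are passed through unchanged.
 *
 * NOTE(review): only the `/admin` path prefix is checked here. Admin-only API
 * routes living elsewhere (if any exist) are not covered by this check.
 * NOTE(review): Basic credentials are only base64-encoded, so this relies on the
 * deployment serving `/admin` exclusively over TLS.
 *
 * @param request - Incoming request.
 * @returns `NextResponse.next()` when the request may proceed, a 401 challenge
 *   when credentials are missing or wrong, or a 500 when `ADMIN_BASIC_AUTH` is
 *   unset or malformed.
 */
export function middleware(request: NextRequest): NextResponse {
  const pathname = request.nextUrl.pathname;

  // Allow email, projects, analytics and health API routes without authentication.
  if (PUBLIC_API_PREFIXES.some((prefix) => pathname.startsWith(prefix))) {
    return NextResponse.next();
  }

  // For all routes other than /admin, continue with normal processing.
  if (!pathname.startsWith('/admin')) {
    return NextResponse.next();
  }

  // Fail closed: a missing value, a value without a colon, or an empty username
  // or password must never be accepted as valid expected credentials.
  const expected = splitCredentials(process.env.ADMIN_BASIC_AUTH ?? '');
  if (!expected || expected[0] === '' || expected[1] === '') {
    return new NextResponse('Admin access not configured', { status: 500 });
  }

  // The auth scheme name is case-insensitive, hence the `i` flag.
  const headerMatch = /^Basic +([^ ]+)/i.exec(request.headers.get('authorization') ?? '');
  if (!headerMatch) {
    return unauthorized('Authentication required');
  }

  const supplied = splitCredentials(Buffer.from(headerMatch[1], 'base64').toString());
  if (!supplied) {
    return unauthorized('Invalid credentials');
  }

  // Evaluate both comparisons before combining them so that a wrong username
  // does not skip the password comparison.
  const usernameMatches = timingSafeStringEqual(supplied[0], expected[0]);
  const passwordMatches = timingSafeStringEqual(supplied[1], expected[1]);
  if (!(usernameMatches && passwordMatches)) {
    return unauthorized('Invalid credentials');
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - api/email (email API routes)
     * - api/projects (projects API routes)
     * - api/analytics (analytics API routes)
     * - api/health (health check)
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     *
     * NOTE(review): the alternatives are plain prefixes, not whole path
     * segments, so any path that merely begins with one of them (for example
     * something starting with "api/health") is excluded from the middleware too.
     */
    '/((?!api/email|api/projects|api/analytics|api/health|_next/static|_next/image|favicon.ico).*)',
  ],
};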