Perplexica/ui/middleware.ts

import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

const decodeBase64 = (encoded: string): { username: string; password: string } | null => {
  try {
    const decoded = Buffer.from(encoded, 'base64').toString('utf-8');
    const [username, password] = decoded.split(':');
    if (username && password) {
      return { username, password };
    }
    return null;
  } catch {
    return null;
  }
};

const verifyPassword = (inputPassword: string, storedPassword: string): boolean => {
  return inputPassword === storedPassword;
};

export function middleware(request: NextRequest) {
  const response = NextResponse.next();

  // Extract cookies from the request
  const cookies = request.headers.get('cookie');
  let authEnabled = false;
  let authUsername = '';
  let authPassword = '';

  if (cookies) {
    const parsedCookies = Object.fromEntries(cookies.split('; ').map(c => c.split('=')));
    authEnabled = parsedCookies['authEnabled'] === 'true';
    authUsername = parsedCookies['authUsername'] || '';
    authPassword = parsedCookies['authPassword'] || '';
  }

  if (authEnabled) {
    const authHeader = request.headers.get('authorization');

    if (!authHeader || !authHeader.startsWith('Basic ')) {
      const headers = new Headers();
      headers.set('WWW-Authenticate', 'Basic realm="Restricted Area"');
      return new NextResponse('Authentication Required', { status: 401, headers });
    }

    const encodedCredentials = authHeader.split(' ')[1];
    const credentials = decodeBase64(encodedCredentials);

    if (
      !credentials ||
      credentials.username !== authUsername ||
      !verifyPassword(credentials.password, authPassword)
    ) {
      const headers = new Headers();
      headers.set('WWW-Authenticate', 'Basic realm="Restricted Area"');
      return new NextResponse('Invalid Credentials', { status: 401, headers });
    }

    // Credentials are valid; allow access
    return response;
  }

  // Authentication not enabled; allow access
  return response;
}

export const config = {
  matcher: '/:path*',
};