| import { NextResponse } from "next/server"; | |
| import type { NextRequest } from "next/server"; | |
| export async function proxy(request: NextRequest) { | |
| const response = NextResponse.next(); | |
| // 1. Add Security Headers (Backup to next.config.ts) | |
| response.headers.set("X-Content-Type-Options", "nosniff"); | |
| response.headers.set("X-Frame-Options", "DENY"); | |
| response.headers.set("X-XSS-Protection", "1; mode=block"); | |
| response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin"); | |
| // 2. Rate Limiting (Placeholder for Edge Runtime) | |
| // Note: True Redis-based rate limiting requires an Edge-compatible Redis client (HTTP-based) | |
| // or moving this logic to the application layer (route handlers). | |
| // We implemented the robust rate-limiting in lib/rate-limit.ts to be used in API routes. | |
| // Example of simple path-based protection | |
| const path = request.nextUrl.pathname; | |
| if (path.startsWith("/api/")) { | |
| // Basic check logic could go here | |
| } | |
| return response; | |
| } | |
| export const config = { | |
| matcher: [ | |
| /* | |
| * Match all request paths except for the ones starting with: | |
| * - _next/static (static files) | |
| * - _next/image (image optimization files) | |
| * - favicon.ico (favicon file) | |
| */ | |
| "/((?!_next/static|_next/image|favicon.ico).*)", | |
| ], | |
| }; | |