-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmiddleware.ts
More file actions
85 lines (74 loc) · 2.69 KB
/
middleware.ts
File metadata and controls
85 lines (74 loc) · 2.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
/**
* Next.js Middleware
*
* Handles route protection and session refresh.
* Redirects unauthenticated users to login for protected routes.
*/
import { createServerClient, type CookieOptions } from '@supabase/ssr';
import { NextResponse, type NextRequest } from 'next/server';
import { env } from '@/lib/env';
export async function middleware(request: NextRequest) {
let response = NextResponse.next({
request: {
headers: request.headers,
},
});
const supabase = createServerClient(
env.NEXT_PUBLIC_SUPABASE_URL,
env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
{
cookies: {
get: (name: string) => request.cookies.get(name)?.value,
set: (name: string, value: string, options: CookieOptions) => {
request.cookies.set({ name, value, ...options });
response = NextResponse.next({
request: {
headers: request.headers,
},
});
response.cookies.set({ name, value, ...options });
},
remove: (name: string, options: CookieOptions) => {
request.cookies.delete(name);
response = NextResponse.next({
request: {
headers: request.headers,
},
});
response.cookies.delete(name);
},
},
}
);
const { data: { session } } = await supabase.auth.getSession();
// Define protected routes
const protectedPaths = ['/dashboard', '/tasks', '/analytics', '/settings'];
const isProtectedPath = protectedPaths.some((path) =>
request.nextUrl.pathname.startsWith(path)
);
// Define auth routes (redirect to dashboard if already logged in)
const authPaths = ['/login', '/register'];
const isAuthPath = authPaths.some((path) =>
request.nextUrl.pathname.startsWith(path)
);
// Redirect to login if accessing protected route without session
if (!session && isProtectedPath) {
const redirectUrl = new URL('/login', request.url);
redirectUrl.searchParams.set('redirect', request.nextUrl.pathname);
return NextResponse.redirect(redirectUrl);
}
// Redirect to dashboard if accessing auth route with active session
if (session && isAuthPath) {
return NextResponse.redirect(new URL('/dashboard', request.url));
}
// Redirect authenticated users from root to dashboard
// Unauthenticated users see the landing page at root
if (session && request.nextUrl.pathname === '/') {
return NextResponse.redirect(new URL('/dashboard', request.url));
}
return response;
}
export const config = {
matcher: ['/dashboard/:path*', '/tasks/:path*', '/analytics/:path*', '/settings/:path*', '/login', '/register', '/'],
// Note: /auth/callback is intentionally excluded to allow OAuth redirects
};