The middleware was intercepting API proxy requests and redirecting to /login. API routes should pass through to the Go backend which handles its own JWT auth.
import { createServerClient } from "@supabase/ssr";
import { NextResponse, type NextRequest } from "next/server";
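/**
 * Session gate for page routes.
 *
 * Builds a Supabase server client bound to the request cookies, resolves the
 * current user, and then:
 *  - sends an already signed-in user away from `/login` and `/register` to `/`;
 *  - sends an anonymous visitor to `/login` unless the path is one of the
 *    public routes (`/login`, `/register`, `/callback`, or a sub-path of them);
 *  - otherwise returns the pass-through response carrying any cookies the
 *    Supabase client asked to set.
 *
 * Requests whose path is excluded by `config.matcher` in this file never reach
 * this function, so they get no session check here.
 *
 * @param request - Incoming request handed over by the Next.js middleware runtime.
 * @returns A redirect response, or the pass-through response with session cookies.
 */
export async function middleware(request: NextRequest) {
  // Routes an anonymous visitor may load.
  const publicRoutes = ["/login", "/register", "/callback"];

  // Match on a path-segment boundary. A bare `startsWith("/login")` would also
  // treat `/login-anything` or `/registerxyz` as public and let it skip the
  // session check below.
  const isPublicRoute = (path: string): boolean =>
    publicRoutes.some(
      (route) => path === route || path.startsWith(`${route}/`),
    );

  let supabaseResponse = NextResponse.next({ request });

  const supabase = createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        getAll() {
          return request.cookies.getAll();
        },
        setAll(cookiesToSet) {
          // Mirror the new values onto the request first, then rebuild the
          // pass-through response from that request and attach the cookies
          // (with their options) to it.
          cookiesToSet.forEach(({ name, value }) =>
            request.cookies.set(name, value),
          );
          supabaseResponse = NextResponse.next({ request });
          cookiesToSet.forEach(({ name, value, options }) =>
            supabaseResponse.cookies.set(name, value, options),
          );
        },
      },
    },
  );

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const { pathname } = request.nextUrl;

  // A redirect is a fresh response object, so cookies written to
  // `supabaseResponse` by `setAll` above would be dropped unless they are
  // copied across. Keeping them avoids losing a session update on redirect.
  const redirectTo = (targetPath: string) => {
    const url = request.nextUrl.clone();
    url.pathname = targetPath;
    const redirectResponse = NextResponse.redirect(url);
    supabaseResponse.cookies
      .getAll()
      .forEach((cookie) => redirectResponse.cookies.set(cookie));
    return redirectResponse;
  };

  // Auth pages — redirect to app if already logged in
  if (user && (pathname === "/login" || pathname === "/register")) {
    return redirectTo("/");
  }

  // Protected routes — redirect to login if not authenticated
  if (!user && !isPublicRoute(pathname)) {
    return redirectTo("/login");
  }

  return supabaseResponse;
}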
// Selects which request paths run through `middleware`.
// The single pattern matches every path except those that, after the leading
// slash, start with `api/`, `_next/static`, `_next/image` or `favicon.ico`, or
// that end in one of the listed image extensions.
// NOTE(review): excluded paths get no session check from this file. Whatever
// serves `/api/*` has to authenticate each request itself, and nothing
// sensitive should be reachable at a URL ending in .svg/.png/.jpg/.jpeg/.gif/.webp.
// NOTE(review): kept as an inline literal — presumably so the framework can
// read it statically at build time; confirm before refactoring.
export const config = {
  matcher: [
    "/((?!api/|_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
  ],
};