- Create src/middleware.ts using Auth.js v5 auth() wrapper - Protect /app/* routes: redirect unauthenticated users to /login - Protect /api/* routes (except /api/auth/* and /api/health): return 401 JSON for unauthenticated requests - Redirect authenticated users away from /login and /register to /app - Mark task 5.1 as complete in tasks.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import { auth } from "@/auth";
import { NextResponse } from "next/server";
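/**
 * Route gate built on the Auth.js `auth()` wrapper.
 *
 * - `/api` and `/api/*`: unauthenticated requests get a 401 JSON body, except
 *   for `/api/auth/*` and `/api/health`, which always pass through.
 * - `/login` and `/register`: authenticated users are redirected to `/app`.
 * - Paths starting with `/app`: unauthenticated users are redirected to `/login`.
 * - Everything else passes through unchanged.
 *
 * NOTE(review): this is a coarse first gate only. It decides "signed in or
 * not"; it performs no per-resource authorization. Route handlers and server
 * actions behind `/api` and `/app` should still call `auth()` themselves and
 * check ownership/roles, so that a path the matcher skips, or a request that
 * never reaches middleware, does not expose data.
 */
export const middleware = auth((req) => {
  const { pathname } = req.nextUrl;
  // Truthy when the wrapper attached a session to the request.
  const isAuthenticated = !!req.auth;

  // Protect /api and /api/* except /api/auth/* and /api/health.
  // The bare "/api" path is included so it cannot fall through to the
  // page rules below without an authentication check.
  const isApiPath = pathname === "/api" || pathname.startsWith("/api/");
  if (isApiPath) {
    // Everything under /api/auth/ is reachable without a session (the sign-in
    // endpoints have to be), so no unrelated handler should live there.
    const isAuthRoute = pathname.startsWith("/api/auth/");
    // Exact match only: /api/health/anything still requires a session.
    const isHealthRoute = pathname === "/api/health";

    if (!isAuthRoute && !isHealthRoute && !isAuthenticated) {
      // API clients get a status code rather than an HTML redirect.
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    return NextResponse.next();
  }

  // Redirect authenticated users away from /login and /register.
  if (isAuthenticated && (pathname === "/login" || pathname === "/register")) {
    // Fixed target on the request's own origin; no caller-supplied URL is used.
    return NextResponse.redirect(new URL("/app", req.nextUrl.origin));
  }

  // Protect /app and everything below it: send unauthenticated users to /login.
  // NOTE(review): this is a plain prefix test, so it also matches paths such
  // as /apple. That errs toward requiring a login; switch to a segment-aware
  // test only if a public route beginning with "/app" is ever added.
  if (pathname.startsWith("/app") && !isAuthenticated) {
    return NextResponse.redirect(new URL("/login", req.nextUrl.origin));
  }

  return NextResponse.next();
});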
// Selects which request paths run through `middleware` at all.
// NOTE(review): keep the matcher a literal string; Next.js reads it statically
// at build time, so it should not be assembled from variables.
export const config = {
  matcher: [
    /*
     * Match all request paths except those that begin with:
     * - _next/static (static files)
     * - _next/image (image optimisation)
     * - favicon.ico / favicon.png / favicon.svg
     *
     * The negative lookahead is a prefix test with no end anchor, so a path
     * such as /favicon.icoX is skipped as well. None of the skipped prefixes
     * overlap /api or /app, which are the paths the middleware guards.
     *
     * NOTE(review): other public assets (top-level files that are not pages)
     * are NOT excluded by this pattern; they still pass through middleware
     * and reach its final pass-through branch.
     */
    "/((?!_next/static|_next/image|favicon\\.ico|favicon\\.png|favicon\\.svg).*)",
  ],
};