import { createServerClient } from '@supabase/ssr'
import { NextResponse, type NextRequest } from 'next/server'
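/**
 * Gates non-public pages behind a Supabase session.
 *
 * Public paths return immediately with no Supabase call. For every other
 * path the session is resolved with `supabase.auth.getUser()`, and a request
 * without a valid user is redirected to `/login`.
 *
 * This is a coarse routing gate, not an authorization layer: anything under
 * `/api` and any static-asset path is passed through unchecked, so API route
 * handlers and data access must authenticate and authorize on their own.
 *
 * @param request - The incoming request handed to the middleware by Next.js.
 * @returns The pass-through response (carrying any refreshed auth cookies),
 *   a redirect to `/login`, or a 503 when Supabase is unconfigured in
 *   production.
 */
export async function middleware(request: NextRequest) {
  let supabaseResponse = NextResponse.next({
    request,
  })

  const pathname = request.nextUrl.pathname

  // Segment-aware prefix test: '/api' matches '/api' and '/api/x' but not
  // '/apiary', so an unrelated protected page cannot inherit the exemption
  // just by sharing leading characters with a public prefix.
  const isUnder = (prefix: string): boolean =>
    pathname === prefix || pathname.startsWith(`${prefix}/`)

  // Static files are recognised by an extension allowlist on the end of the
  // path. The previous `includes('.')` / `includes('favicon')` checks marked
  // ANY path containing a dot or the word "favicon" as public, which let a
  // protected dynamic route skip the session check whenever its parameter
  // contained one. Extend this list if other file types are served publicly.
  const staticAsset =
    /\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js|map|txt|xml|json|webmanifest|woff|woff2|ttf)$/i

  // Public routes that should not require auth or trigger network calls in middleware.
  // NOTE(review): '/api' is exempt here, so every API handler must verify the
  // session itself - confirm that each one does.
  const isPublicRoute =
    pathname === '/' ||
    pathname === '/login' ||
    pathname === '/register' ||
    pathname === '/verify-email' ||
    isUnder('/auth/callback') ||
    isUnder('/_next') ||
    isUnder('/api') ||
    pathname === '/favicon.ico' ||
    staticAsset.test(pathname)

  if (isPublicRoute) {
    return supabaseResponse
  }

  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL
  const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY

  if (!supabaseUrl || !supabaseKey) {
    console.warn('Missing Supabase environment variables. Please set NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY in your .env.local file.')
    // Fail closed in production: without these values no session can be
    // verified, and passing the request through would expose every protected
    // page after a deployment misconfiguration.
    if (process.env.NODE_ENV === 'production') {
      return new NextResponse('Service unavailable', { status: 503 })
    }
    // Outside production keep the pass-through so local setups without a
    // .env.local still render.
    return supabaseResponse
  }

  const supabase = createServerClient(
    supabaseUrl,
    supabaseKey,
    {
      cookies: {
        getAll() {
          return request.cookies.getAll()
        },
        setAll(cookiesToSet) {
          // Mirror refreshed auth cookies onto the request first, then rebuild
          // the response from that request and attach the same cookies with
          // their options so the browser stores them.
          cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value))
          supabaseResponse = NextResponse.next({
            request,
          })
          cookiesToSet.forEach(({ name, value, options }) =>
            supabaseResponse.cookies.set(name, value, options)
          )
        },
      },
    }
  )

  // IMPORTANT: Avoid writing any logic between createServerClient and
  // supabase.auth.getUser(). A simple mistake could make it very hard to debug
  // issues with users being randomly logged out.
  let isAuthenticated = false
  try {
    const {
      data: { user: authUser },
      error,
    } = await supabase.auth.getUser()
    // Only a user returned without an error counts as signed in.
    isAuthenticated = !error && Boolean(authUser)
  } catch (error) {
    console.error('Middleware auth check failed:', error)
    // The request stays unauthenticated, so a failed check ends in the
    // /login redirect below rather than letting the request through.
  }

  // Public routes already returned above, so every request reaching this
  // point needs a session.
  if (!isAuthenticated) {
    const redirectUrl = request.nextUrl.clone()
    redirectUrl.pathname = '/login'
    return NextResponse.redirect(redirectUrl)
  }

  // NOTE(review): the former "signed-in user on /login or /register ->
  // /polls" redirect was unreachable, because both paths return early as
  // public routes. It is dropped here; if that redirect is wanted it has to
  // be implemented in those pages or by checking the session for them.
  return supabaseResponse
}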
// Route filter for the middleware. Paths the pattern rejects never reach
// middleware(), so they receive no session check from this file:
//   - anything starting with _next/static (static files)
//   - anything starting with _next/image (image optimization files)
//   - favicon.ico (favicon file)
//   - any path ending in .svg, .png, .jpg, .jpeg, .gif or .webp
// The pattern is kept as an inline string literal. Extend it to exclude
// further paths.
export const config = {
  matcher: [
    '/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
  ],
}