-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathproxy.ts
More file actions
38 lines (32 loc) · 1.51 KB
/
Copy pathproxy.ts
File metadata and controls
38 lines (32 loc) · 1.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import { NextResponse, type NextRequest } from 'next/server';
import { updateSession } from '@/lib/supabase/middleware';
// Auth is OFF until the public Supabase env vars are present, so the app keeps working
// unauthenticated until Google sign-in is configured (no risk of locking yourself out).
const AUTH_ENABLED = !!(process.env.NEXT_PUBLIC_SUPABASE_URL && process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY);
// Paths reachable without a session.
const PUBLIC_PREFIXES = ['/login', '/auth'];
// Next.js 16 "proxy" convention (formerly middleware).
export async function proxy(request: NextRequest) {
if (!AUTH_ENABLED) return NextResponse.next();
const { pathname } = request.nextUrl;
const { response, user } = await updateSession(request);
const isPublic = PUBLIC_PREFIXES.some(p => pathname === p || pathname.startsWith(p + '/'));
if (!user && !isPublic) {
const url = request.nextUrl.clone();
url.pathname = '/login';
url.searchParams.set('next', pathname);
return NextResponse.redirect(url);
}
if (user && pathname === '/login') {
const url = request.nextUrl.clone();
url.pathname = '/';
url.search = '';
return NextResponse.redirect(url);
}
return response;
}
// Run on everything except Next internals, static assets, and /api (cron uses a bearer secret,
// not a session — it must not be gated).
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico|api|.*\\.(?:png|jpg|jpeg|svg|gif|webp|ico)$).*)'],
};