| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- import { NextRequest, NextResponse } from "next/server";
- import { getKindeServerSession } from "@kinde-oss/kinde-auth-nextjs/server";
- export async function middleware(request: NextRequest) {
- // Allow public routes
- const publicPaths = [
- "/",
- "/api/auth/login",
- "/api/auth/register",
- "/api/auth/callback",
- "/api/auth/logout",
- "/favicon.ico",
- "/_next",
- "/public",
- ];
-
- const pathname = request.nextUrl.pathname;
- const isPublicPath = publicPaths.some(path => pathname.startsWith(path));
-
- // Allow public access to auth routes and static assets
- if (isPublicPath) {
- return NextResponse.next();
- }
-
- // Check authentication for protected routes
- const protectedPaths = [
- "/files",
- "/api-docs",
- ];
-
- const isProtectedPath = protectedPaths.some(path => pathname.startsWith(path));
-
- if (isProtectedPath) {
- try {
- const { isAuthenticated } = getKindeServerSession();
- const authenticated = await isAuthenticated();
-
- // Add debugging headers
- const response = NextResponse.next();
- response.headers.set('X-Auth-Status', authenticated ? 'authenticated' : 'unauthenticated');
-
- if (!authenticated) {
- // Redirect to login page if not authenticated
- const loginUrl = new URL("/api/auth/login", request.url);
- loginUrl.searchParams.set("post_login_redirect_url", pathname);
- return NextResponse.redirect(loginUrl);
- }
-
- return response;
- } catch (error) {
- console.error("Authentication check failed:", error);
- // Redirect to login on authentication error
- const loginUrl = new URL("/api/auth/login", request.url);
- return NextResponse.redirect(loginUrl);
- }
- }
-
- // Allow all other routes
- return NextResponse.next();
- }
- export const config = {
- matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
- };
|
