built user portal behind auth

2025-09-27 14:30:16 -04:00 · 2025-09-27 14:30:16 -04:00 · 37d474d7c8
commit 37d474d7c8
parent 5c6962f4a5
48 changed files with 822 additions and 496 deletions
--- a/middleware.ts
+++ b/middleware.ts
@ -1,32 +1,67 @@
 // middleware.ts
-import { NextResponse } from "next/server";
-import type { NextRequest } from "next/server";
+import { NextResponse, NextRequest } from "next/server";
+
+const PUBLIC_PATHS = new Set<string>([
+    "/auth/sign-in",
+    "/auth/sign-up",
+]);
+
+// If you have additional public pages (e.g., marketing), add them here.
+// Keep API endpoints out of this middleware unless you explicitly want to block them.

 export function middleware(req: NextRequest) {
-    const { pathname, searchParams, origin } = req.nextUrl;
+    const { pathname, search } = req.nextUrl;
+    const isPublic = isPublicPath(pathname);
+    const isAuthRoute = pathname.startsWith("/auth/");
+    const token = req.cookies.get("ma_at")?.value ?? "";

-    const isAuthPage =
-    pathname === "/auth/sign-in" || pathname === "/auth/sign-up";
-    const isMyArea = pathname.startsWith("/my/");
-
-    const at = req.cookies.get("ma_at")?.value;
-
-    // Gate /my/*
-    if (isMyArea && !at) {
-        const dest = new URL("/auth/sign-in", origin);
-        dest.searchParams.set("next", pathname + (req.nextUrl.search || ""));
-        return NextResponse.redirect(dest);
+    // 1) If already authed and on an auth route, dump to /portal
+    if (token && isAuthRoute) {
+        const url = req.nextUrl.clone();
+        url.pathname = "/portal";
+        url.search = "";
+        return NextResponse.redirect(url);
    }

-    // If logged in and on auth pages, send to next or /my/rigs
-    if (isAuthPage && at) {
-        const nxt = searchParams.get("next") || "/my/rigs";
-        return NextResponse.redirect(new URL(nxt, origin));
+    // 2) If not authed and path is protected → send to sign-in with next=<original>
+    if (!token && !isPublic) {
+        const url = req.nextUrl.clone();
+        url.pathname = "/auth/sign-in";
+        // Default to /portal after login, but preserve deep-link if present
+        const next = pathname + (search || "");
+        url.search = next ? `?next=${encodeURIComponent(next)}` : `?next=${encodeURIComponent("/portal")}`;
+        return NextResponse.redirect(url);
    }

+    // 3) Otherwise, allow through
    return NextResponse.next();
 }

+// Helpers
+function isPublicPath(pathname: string): boolean {
+    // Public routes
+    if (PUBLIC_PATHS.has(pathname)) return true;
+
+    // Static assets and framework internals
+    if (
+        pathname.startsWith("/_next/") ||
+        pathname.startsWith("/static/") ||
+        pathname.startsWith("/images/") ||
+        pathname === "/favicon.ico" ||
+        pathname === "/robots.txt" ||
+        pathname === "/sitemap.xml"
+    ) return true;
+
+    // API routes: by default we *do not* block /api/* in middleware (let routes handle auth)
+    if (pathname.startsWith("/api/")) return true;
+
+    // Everything else is protected
+    return false;
+}
+
 export const config = {
-    matcher: ["/my/:path*", "/auth/sign-in", "/auth/sign-up"],
+    // Run middleware for all paths except the most common static files (belt & suspenders)
+    matcher: [
+        "/((?!_next/static|_next/image|favicon.ico|robots.txt|sitemap.xml|images|static).*)",
+    ],
 };