@@ -116,14 +126,13 @@ export default function SignIn({ nextPath = "/portal", reauth = false }: Props)
- {!reauth && (
-
- )}
+ {/* Always show a sign-up path, even on reauth, to avoid dead-ends for first-time visitors */}
+
);
}
diff --git a/app/auth/sign-up/page.tsx b/app/auth/sign-up/page.tsx
index 569ae57c..96ce741d 100644
--- a/app/auth/sign-up/page.tsx
+++ b/app/auth/sign-up/page.tsx
@@ -2,6 +2,7 @@
import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import SignUp from "./sign-up";
+import { isJwtValid } from "@/lib/jwt";
export default async function SignUpPage({
searchParams,
@@ -10,7 +11,7 @@ export default async function SignUpPage({
}) {
const ck = await cookies();
const at = ck.get("ma_at")?.value;
- if (at) redirect("/portal");
+ if (isJwtValid(at)) redirect("/portal");
const sp = searchParams ?? {};
const nextParam = Array.isArray(sp.next) ? sp.next[0] : sp.next;
diff --git a/app/page.tsx b/app/page.tsx
index 245481bc..29fd3114 100644
--- a/app/page.tsx
+++ b/app/page.tsx
@@ -3,19 +3,35 @@ import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import SignIn from "@/app/auth/sign-in/sign-in";
import SignUp from "@/app/auth/sign-up/sign-up";
+import { isJwtValid } from "@/lib/jwt";
-export default async function HomePage() {
- // If already signed in, go straight to the app
+type SearchParams = { [key: string]: string | string[] | undefined };
+
+export default async function HomePage({
+ searchParams,
+}: {
+ searchParams?: SearchParams;
+}) {
+ // If already signed in with a VALID token, go straight to the app
const ck = await cookies();
const at = ck.get("ma_at")?.value;
- if (at) redirect("/portal");
+ if (isJwtValid(at)) redirect("/portal");
+
+ const reauth = searchParams?.reauth === "1";
return (
+ {reauth && (
+
+ Your session expired. Please sign in again.
+
+ )}
+
MakeArmy
- Free to use. Manage laser rigs, settings, and projects—all in one place.
+ Free to use. Manage laser rigs, settings, and projects—all in one
+ place.
@@ -29,12 +45,13 @@ export default async function HomePage() {
Sign in
{/* Uses your existing sign-in component */}
-
+
- We only use cookies strictly necessary to operate the site (e.g., your sign-in session).
+ We only use cookies strictly necessary to operate the site (e.g., your
+ sign-in session).
);
diff --git a/lib/jwt.ts b/lib/jwt.ts
new file mode 100644
index 00000000..287a9ff2
--- /dev/null
+++ b/lib/jwt.ts
@@ -0,0 +1,15 @@
+// lib/jwt.ts
+export function jwtExp(token?: string | null): number | null {
+ if (!token) return null;
+ try {
+ const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString("utf8"));
+ return typeof payload?.exp === "number" ? payload.exp : null;
+ } catch {
+ return null;
+ }
+}
+
+export function isJwtValid(token?: string | null): boolean {
+ const exp = jwtExp(token);
+ return !!exp && exp * 1000 > Date.now();
+}
diff --git a/middleware.ts b/middleware.ts
index ac77008f..a535742e 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -83,6 +83,11 @@ import { NextResponse, NextRequest } from "next/server";
const url = req.nextUrl.clone();
const { pathname } = url;
+ // ── 0) Absolute rule: the homepage must never redirect (no mapping, no gating).
+ if (pathname === "/") {
+ return NextResponse.next();
+ }
+
// ── 1) Legacy → Portal / Canonical mapping (runs before auth gating)
const mapped = legacyMap(pathname);
if (mapped && !isSameUrl(req, mapped)) {
@@ -174,8 +179,8 @@ import { NextResponse, NextRequest } from "next/server";
type MapResult = { pathname: string; query?: Record
};
function legacyMap(pathname: string): MapResult | null {
- // If we’re already inside the portal, don’t try to remap again.
- if (pathname.startsWith("/portal")) return null;
+ // Never map the homepage, and if we’re already inside the portal, don’t remap again.
+ if (pathname === "/" || pathname.startsWith("/portal")) return null;
// 1) DETAIL PAGES: map legacy detail URLs straight into the portal with ?id=
// NOTE: We intentionally DO NOT remap `/lasers/:id` and `/projects/:id`