diff --git a/src/middleware.js b/src/middleware.js
index 5f78d32..c098c47 100644
--- a/src/middleware.js
+++ b/src/middleware.js
@@ -1,32 +1,38 @@
-import { auth } from "@/auth"
-import { NextResponse } from 'next/server'
+import { auth } from "@/auth";
+import { NextResponse } from "next/server";
 export default auth((req) => {
- const isAuthenticated = !!req.auth
- const { pathname } = req.nextUrl
+ const isAuthenticated = !!req.auth;
+ const { pathname } = req.nextUrl;
- if (!isAuthenticated && pathname === "/dashboard") {
- return NextResponse.redirect(new URL("/login", req.url))
+ // Allow all static files and API requests
+ if (pathname.startsWith("/_next/") || pathname.startsWith("/api/") || pathname.startsWith("/static/")) {
+ return NextResponse.next();
+ }
+
+ // Redirect root ("/") to "/login"
+ if (pathname === "/") {
+ return NextResponse.redirect(new URL("/login", req.url));
+ }
+
+ // Restrict routes
+ if (!["/login", "/dashboard", "/scanner", "/logout", "/dashboard/non-bit"].includes(pathname)) {
+ return new NextResponse("Only /login, /dashboard, /scanner, /logout, and /dashboard/non-bit will work", { status: 404 });
+ }
+
+ // Redirect users based on authentication
+ if (!isAuthenticated && ["/dashboard", "/dashboard/non-bit"].includes(pathname)) {
+ return NextResponse.redirect(new URL("/login", req.url));
 }
 if (isAuthenticated && pathname === "/login") {
- return NextResponse.redirect(new URL("/dashboard", req.url))
+ return NextResponse.redirect(new URL("/dashboard", req.url));
 }
- return NextResponse.next()
-})
+ return NextResponse.next();
+});
-// Protect all routes except public ones
+// Updated matcher to exclude static assets and API routes
 export const config = {
- matcher: [
- /*
- * Match all request paths except for the ones starting with:
- * - api (API routes)
- * - _next/static (static files)
- * - _next/image (image optimization files)
- * - favicon.ico (favicon file)
- * - public folder
- */
- '/((?!api|_next/static|_next/image|favicon.ico|public).*)',
- ],
-}
\ No newline at end of file
+ matcher: ["/((?!_next/static|_next/image|favicon.ico|api).*)"], // Ignore static files and API routes
+};
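Review bot: The authentication check near the end of the handler covers only `/dashboard` and `/dashboard/non-bit`, so `/scanner`, which the allowlist above lets through, is served to unauthenticated requests. If the scanner page is meant to sit behind login, add it to that check, e.g. `if (!isAuthenticated && ["/dashboard", "/dashboard/non-bit", "/scanner"].includes(pathname)) {`, and preferably derive the allowlist and the protected list from one route table so the two arrays cannot drift apart. Separately, `/api/` is skipped both by the early `NextResponse.next()` and by the matcher, so this middleware enforces nothing for API routes; a comment such as `// API routes bypass this middleware: each handler must check the session itself` would make that explicit. The 404 body also lists every valid route to any caller, and a generic message would disclose less.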