init

frontend/middleware.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from "next/server";
+import { decrypt } from "@/lib/session";
+import { cookies } from "next/headers";
+
+// Define all public routes here
+const publicRoutes = ["/login"];
+
+export default async function middleware(req: NextRequest) {
+  const path = req.nextUrl.pathname;
+  const isPublicRoute = publicRoutes.includes(path);
+
+  // Get the session cookie and decrypt it
+  const cookie = (await cookies()).get("session")?.value;
+  const session = await decrypt(cookie);
+
+  // If a user is NOT authenticated and is trying to access a PROTECTED route,
+  // redirect them to the login page.
+  if (!session?.user && !isPublicRoute) {
+    return NextResponse.redirect(new URL("/login", req.nextUrl));
+  }
+
+  // If a user IS authenticated and is trying to access a PUBLIC route (like /login),
+  // redirect them to a protected route (e.g., a dashboard or home page).
+  if (session?.user && isPublicRoute) {
+    return NextResponse.redirect(new URL("/dashboard", req.nextUrl));
+  }
+
+  if (session?.user && path == "/") {
+    return NextResponse.redirect(new URL("/dashboard", req.nextUrl));
+  }
+
+  // Otherwise, allow the request to proceed
+  return NextResponse.next();
+}
+
+// Routes Middleware should not run on
+export const config = {
+  matcher: ["/((?!api|_next/static|_next/image|.*\\.png$).*)"],
+};