-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.ts
More file actions
107 lines (92 loc) · 3.43 KB
/
Copy pathproxy.ts
File metadata and controls
107 lines (92 loc) · 3.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import { NextResponse, type NextRequest } from "next/server";
import { createServerClient } from "@supabase/ssr";
export async function proxy(req: NextRequest) {
const res = NextResponse.next();
// Create Supabase client (handles cookies + session refresh)
const supabase = createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{
cookies: {
getAll: () => req.cookies.getAll(),
setAll: (cookiesToSet) => {
cookiesToSet.forEach(({ name, value, options }) =>
res.cookies.set(name, value, options),
);
},
},
},
);
// This line does EVERYTHING:
// - checks login
// - refreshes session if expired
const {
data: { user },
} = await supabase.auth.getUser();
const { pathname } = req.nextUrl;
// Define routes properly (clean separation)
// Public routes — login nahi chahiye
const isAdminRoute =
pathname.startsWith("/admin") && pathname !== "/admin/login";
const isAdminLogin = pathname === "/admin/login";
const publicRoutes = ["/", "/login", "/register", "/verify-email"];
const isPublicRoute = publicRoutes.includes(pathname);
// ── Admin routes ──────────────────────────────────────────────
if (isAdminLogin) {
// Admin already logged in → redirect to admin dashboard
if (user && user.app_metadata?.role === "admin") {
return NextResponse.redirect(new URL("/admin/dashboard", req.url));
}
return res;
}
if (isAdminRoute) {
// Not logged in → admin login
if (!user) {
return NextResponse.redirect(new URL("/admin/login", req.url));
}
// Logged in but not admin → student login (wrong portal)
if (user.app_metadata?.role !== "admin") {
return NextResponse.redirect(new URL("/login", req.url));
}
return res;
}
// ── Student routes ────────────────────────────────────────────
// Protect private routes
if (!user && !isPublicRoute) {
return NextResponse.redirect(new URL("/login", req.url));
}
// Prevent logged-in users from auth pages
// Logged in + public route → calendar dashboard
if (user && isPublicRoute && pathname !== "/") {
// Admin trying to access student portal → redirect to admin
if (user.app_metadata?.role === "admin") {
return NextResponse.redirect(new URL("/admin/dashboard", req.url));
}
return NextResponse.redirect(new URL("/calendar-dashboard", req.url));
}
// Logged in + protected route → check profile
if (user && !isPublicRoute && pathname !== "/onboarding") {
// Admin trying to access student profile → redirect to admin
if (user.app_metadata?.role === "admin") {
return NextResponse.redirect(new URL("/admin/dashboard", req.url));
}
const { data: profile } = await supabase
.from("student_profiles")
.select("id")
.eq("user_id", user.id)
.single();
if (!profile) {
return NextResponse.redirect(new URL("/onboarding", req.url));
}
}
return res;
}
// middleware only run on this routes
// export const config = {
// matcher: ["/dashboard/:path*", "/login", "/register"],
// };
export const config = {
matcher: [
"/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
],
};