import { createServerClient } from '@supabase/ssr' import { NextResponse, type NextRequest } from 'next/server' const PUBLIC_PATHS = ['/login', '/auth/confirm'] export async function middleware(request: NextRequest) { let supabaseResponse = NextResponse.next({ request }) const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, { cookies: { getAll() { return request.cookies.getAll() }, setAll(cookiesToSet) { cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value), ) supabaseResponse = NextResponse.next({ request }) cookiesToSet.forEach(({ name, value, options }) => supabaseResponse.cookies.set(name, value, options), ) }, }, }, ) // Use getClaims() for cryptographic JWT verification (not getSession()) const { data: { user }, } = await supabase.auth.getUser() const { pathname } = request.nextUrl const isPublicPath = PUBLIC_PATHS.some((p) => pathname.startsWith(p)) if (!user && !isPublicPath) { const url = request.nextUrl.clone() url.pathname = '/login' return NextResponse.redirect(url) } if (user && pathname === '/login') { const url = request.nextUrl.clone() url.pathname = '/dashboard' return NextResponse.redirect(url) } return supabaseResponse } export const config = { matcher: [ '/((?!_next/static|_next/image|favicon.ico|icons|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)', ], }