clean routes

apps/website/middleware.ts

@@ -1,84 +1,21 @@
-import { NextResponse } from 'next/server';
 import type { NextRequest } from 'next/server';
-import { getAppMode, isPublicRoute } from './lib/mode';
+import { NextResponse } from 'next/server';
 
 /**
- * Next.js middleware for route protection
- *
- * Features:
- * - Public routes are always accessible
- * - Protected routes require authentication
- * - Demo mode allows access to all routes
- * - Returns 401 for unauthenticated access to protected routes
+ * Minimal middleware that only sets x-pathname header
+ * All auth/role/demo logic has been removed
  */
 export function middleware(request: NextRequest) {
-  const mode = getAppMode();
   const { pathname } = request.nextUrl;
-
-  // Always allow Next.js error routes (needed for build/prerender)
-  if (pathname === '/404' || pathname === '/500' || pathname === '/_error') {
-    return NextResponse.next();
-  }
-
-  // Always allow static assets and API routes (API handles its own auth)
-  // Also allow /media/ routes which are proxied to the API
-  if (
-    pathname.startsWith('/_next/') ||
-    pathname.startsWith('/api/') ||
-    pathname.startsWith('/media/') ||
-    pathname.match(/\.(svg|png|jpg|jpeg|gif|webp|ico|css|js)$/)
-  ) {
-    return NextResponse.next();
-  }
-
-  // Check for authentication cookie
-  const cookies = request.cookies;
-  const hasAuthCookie = cookies.has('gp_session');
-
-  // Public routes are always accessible
-  if (isPublicRoute(pathname)) {
-    // Special handling for auth routes - redirect authenticated users away
-    const authRoutes = [
-      '/auth/login',
-      '/auth/signup',
-      '/auth/forgot-password',
-      '/auth/reset-password',
-      '/auth/iracing',
-      '/auth/iracing/start',
-      '/auth/iracing/callback',
-    ];
-    
-    if (authRoutes.includes(pathname) && hasAuthCookie) {
-      // User is authenticated and trying to access auth page, redirect to dashboard
-      return NextResponse.redirect(new URL('/dashboard', request.url));
-    }
-    
-    return NextResponse.next();
-  }
-
-  // In demo/alpha mode, allow access if session cookie exists
-  if (mode === 'alpha' && hasAuthCookie) {
-    return NextResponse.next();
-  }
-
-  // In demo/alpha mode without auth, redirect to login
-  if (mode === 'alpha' && !hasAuthCookie) {
-    const loginUrl = new URL('/auth/login', request.url);
-    loginUrl.searchParams.set('returnTo', pathname);
-    return NextResponse.redirect(loginUrl);
-  }
-
-  // In pre-launch mode, only public routes are accessible
-  // Protected routes return 404 (non-disclosure)
-  return new NextResponse(null, {
-    status: 404,
-    statusText: 'Not Found',
-  });
+  
+  const response = NextResponse.next();
+  response.headers.set('x-pathname', pathname);
+  
+  return response;
 }
 
 /**
  * Configure which routes the middleware should run on
- * Excludes Next.js internal routes and static assets
  */
 export const config = {
   matcher: [
@@ -86,8 +23,9 @@ export const config = {
      * Match all request paths except:
      * - _next/static (static files)
      * - _next/image (image optimization files)
+     * - _next/data (Next.js data requests)
      * - favicon.ico (favicon file)
-     * - public folder files
+     * - Files with extensions (static assets)
      */
     '/((?!_next/static|_next/image|_next/data|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|mp4|webm|mov|avi)$).*)',
   ],