mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

middleware fix wip

Browse Source
This commit is contained in:
Marc Mintel
2026-01-04 01:45:14 +01:00
parent 99092e2759
commit b8eb8fb005
7 changed files with 170 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
apps/website/middleware.ts
View File

@@ -16,18 +16,41 @@ import { routes, routeMatchers } from '@/lib/routing/RouteConfig';
export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl;
// Debug logging
console.log(`[MIDDLEWARE] Processing request for path: ${pathname}`);
// Handle /sponsor root redirect to /sponsor/dashboard in middleware to preserve cookies
if (pathname === '/sponsor') {
console.log(`[MIDDLEWARE] Redirecting /sponsor to /sponsor/dashboard`);
return NextResponse.redirect(new URL('/sponsor/dashboard', request.url));
}
// Set x-pathname header for layout-level protection
const response = NextResponse.next();
response.headers.set('x-pathname', pathname);
// Get session first (needed for all auth-related decisions)
const sessionGateway = new SessionGateway();
const session = await sessionGateway.getSession();
const session = await sessionGateway.getSessionFromRequest(request);
console.log(`[MIDDLEWARE] Session retrieved:`, session ? 'Session found' : 'No session');
if (session) {
console.log(`[MIDDLEWARE] User role:`, session.user?.role);
}
// Auth pages (login, signup, etc.) - handle before public check
if (routeMatchers.isInGroup(pathname, 'auth')) {
if (session) {
// User is authenticated, redirect away from auth page
// Check if user was redirected here due to insufficient permissions
const returnTo = request.nextUrl.searchParams.get('returnTo');
if (returnTo) {
// User has a session but insufficient permissions for the returnTo route
// Allow them to see the login page (they may need to switch accounts)
console.log(`[MIDDLEWARE] Authenticated user at login with returnTo, allowing access`);
return response;
}
// User is authenticated and navigated to auth page directly, redirect away
const role = session.user?.role || 'driver';
const redirectPath = getHomePathForRole(role);
@@ -46,12 +69,14 @@ export async function middleware(request: NextRequest) {
// Public routes (no auth required, but not auth pages)
if (routeMatchers.isPublic(pathname)) {
console.log(`[MIDDLEWARE] Route is public, allowing access`);
return response;
}
// Protected routes (require authentication)
if (!session) {
// No session, redirect to login
console.log(`[MIDDLEWARE] No session, redirecting to login`);
// Preserve locale if present in the path
const localeMatch = pathname.match(/^\/([a-z]{2})\//);
const locale = localeMatch ? localeMatch[1] : null;
@@ -64,16 +89,20 @@ export async function middleware(request: NextRequest) {
redirectUrl.pathname = `/${locale}${redirectUrl.pathname}`;
}
console.log(`[MIDDLEWARE] Redirecting to:`, redirectUrl.toString());
return NextResponse.redirect(redirectUrl);
}
// Role-based access control
const requiredRoles = routeMatchers.requiresRole(pathname);
console.log(`[MIDDLEWARE] Required roles for ${pathname}:`, requiredRoles);
if (requiredRoles) {
const userRole = session.user?.role;
console.log(`[MIDDLEWARE] User role:`, userRole);
if (!userRole || !requiredRoles.includes(userRole)) {
// User doesn't have required role or no role at all, redirect to login
console.log(`[MIDDLEWARE] User doesn't have required role, redirecting to login`);
// Preserve locale if present in the path
const localeMatch = pathname.match(/^\/([a-z]{2})\//);
const locale = localeMatch ? localeMatch[1] : null;
@@ -85,11 +114,13 @@ export async function middleware(request: NextRequest) {
redirectUrl.pathname = `/${locale}${redirectUrl.pathname}`;
}
console.log(`[MIDDLEWARE] Redirecting to:`, redirectUrl.toString());
return NextResponse.redirect(redirectUrl);
}
}
// All checks passed, allow access
console.log(`[MIDDLEWARE] All checks passed, allowing access`);
return response;
}