36 lines
951 B
TypeScript
36 lines
951 B
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
|
|
export async function middleware(req: NextRequest) {
|
|
// Check for our session cookie (simple check, actual validation happens in API routes)
|
|
const sessionToken = req.cookies.get("ep_session")?.value;
|
|
const pathname = req.nextUrl.pathname;
|
|
|
|
// Protected routes that require authentication
|
|
const protectedRoutes = [
|
|
"/account",
|
|
"/admin",
|
|
];
|
|
|
|
const isProtectedRoute = protectedRoutes.some(route => pathname.startsWith(route));
|
|
|
|
// If not a protected route, allow access
|
|
if (!isProtectedRoute) {
|
|
return NextResponse.next();
|
|
}
|
|
|
|
// If protected route and no session token, redirect to home
|
|
if (!sessionToken) {
|
|
return NextResponse.redirect(new URL("/", req.url));
|
|
}
|
|
|
|
// Allow access (actual session validation happens in API routes)
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: [
|
|
"/account/:path*",
|
|
"/admin/:path*",
|
|
],
|
|
};
|