Dental Care
This commit is contained in:
Iliyan Angelov
79
middleware.ts
Normal file
79
middleware.ts
Normal file
@@ -0,0 +1,79 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { getSessionCookie } from "better-auth/cookies";
|
||||
|
||||
/**
|
||||
* Middleware for protecting authenticated routes
|
||||
*
|
||||
* Best practices from Better Auth:
|
||||
* - Use getSessionCookie for optimistic cookie-based session check
|
||||
* - Handle redirects properly with intent preservation
|
||||
* - Exclude public routes and API routes
|
||||
* - Don't perform RBAC here (do it at page level with database access)
|
||||
*
|
||||
* Note: This is an OPTIMISTIC check (cookie existence only)
|
||||
* Full session validation happens at the page level using auth.api.getSession()
|
||||
*
|
||||
* Protected routes:
|
||||
* - /admin/* - Admin panel (role check in page)
|
||||
* - /dentist/* - Dentist portal (role check in page)
|
||||
* - /patient/* - Patient portal (role check in page)
|
||||
* - /profile/* - User profile (any authenticated user)
|
||||
*/
|
||||
export async function middleware(request: NextRequest) {
|
||||
const pathname = request.nextUrl.pathname;
|
||||
|
||||
// Skip middleware for API routes and public paths
|
||||
if (
|
||||
pathname.startsWith("/api/auth") ||
|
||||
pathname.startsWith("/_next") ||
|
||||
pathname.startsWith("/static")
|
||||
) {
|
||||
return NextResponse.next();
|
||||
}
|
||||
|
||||
// Optimistic cookie-based session check
|
||||
// This only checks for cookie existence, not validity
|
||||
// Full validation happens at the page level
|
||||
// CRITICAL: Must pass cookiePrefix to match auth.ts configuration
|
||||
const sessionCookie = getSessionCookie(request, {
|
||||
cookiePrefix: "better-auth", // Must match advanced.cookiePrefix in auth.ts
|
||||
});
|
||||
|
||||
// No session cookie - redirect to sign-in
|
||||
if (!sessionCookie) {
|
||||
if (process.env.NODE_ENV === "development") {
|
||||
console.log("[Middleware] No session cookie found for:", pathname);
|
||||
}
|
||||
|
||||
const signInUrl = new URL("/sign-in", request.url);
|
||||
signInUrl.searchParams.set("from", pathname);
|
||||
return NextResponse.redirect(signInUrl);
|
||||
}
|
||||
|
||||
// Session cookie exists - allow access
|
||||
// Note: RBAC is handled at the page level where we have database access
|
||||
const response = NextResponse.next();
|
||||
|
||||
// Prevent caching of authenticated pages
|
||||
response.headers.set(
|
||||
"Cache-Control",
|
||||
"no-store, no-cache, must-revalidate, proxy-revalidate"
|
||||
);
|
||||
response.headers.set("Pragma", "no-cache");
|
||||
response.headers.set("Expires", "0");
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: [
|
||||
"/admin/:path*",
|
||||
"/admin",
|
||||
"/dentist/:path*",
|
||||
"/dentist",
|
||||
"/patient/:path*",
|
||||
"/patient",
|
||||
"/profile/:path*",
|
||||
"/profile",
|
||||
],
|
||||
};
|
||||
Reference in New Issue
Block a user