renamed middleware.ts to proxy.ts and removed the runtime export

2025-12-28 15:18:04 +01:00
parent be21f46ad5
commit f9a3719b6b
1 changed files with 2 additions and 3 deletions
--- a/proxy.ts
+++ b/proxy.ts
@@ -0,0 +1,41 @@
+import { auth } from "@/src/lib/auth";
+import { NextResponse } from "next/server";
+
+/**
+ * Next.js Proxy for route protection.
+ * Provides defense-in-depth by checking authentication at the edge
+ * before requests reach page components.
+ *
+ * Note: Proxy always runs on Node.js runtime.
+ */
+
+export default auth((req) => {
+  const isAuthenticated = !!req.auth;
+  const pathname = req.nextUrl.pathname;
+
+  // Allow public routes
+  if (pathname === "/login" || pathname.startsWith("/api/auth") || pathname === "/api/health") {
+    return NextResponse.next();
+  }
+
+  // Redirect unauthenticated users to login
+  if (!isAuthenticated && !pathname.startsWith("/login")) {
+    const loginUrl = new URL("/login", req.url);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  return NextResponse.next();
+});
+
+export const config = {
+  matcher: [
+    /*
+     * Match all request paths except for the ones starting with:
+     * - _next/static (static files)
+     * - _next/image (image optimization files)
+     * - favicon.ico (favicon file)
+     * - public folder
+     */
+    "/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
+  ],
+};