import { createServerClient, type CookieOptions } from "@supabase/ssr"; import { NextResponse, type NextRequest } from "next/server"; export async function middleware(request: NextRequest) { let response = NextResponse.next({ request }); const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY; if (!supabaseUrl || !supabaseAnonKey) { return response; } const supabase = createServerClient(supabaseUrl, supabaseAnonKey, { cookies: { getAll() { return request.cookies.getAll(); }, setAll( cookiesToSet: Array<{ name: string; value: string; options: CookieOptions }>, ) { cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value)); response = NextResponse.next({ request }); cookiesToSet.forEach(({ name, value, options }) => response.cookies.set(name, value, options), ); }, }, }); const { data: { user }, } = await supabase.auth.getUser(); const { pathname } = request.nextUrl; // Authenticated user on landing page -> redirect to home if (user && pathname === "/") { const url = request.nextUrl.clone(); url.pathname = "/home"; return NextResponse.redirect(url); } // Unauthenticated user accessing app routes -> redirect to landing if (!user && (pathname.startsWith("/list") || pathname.startsWith("/home"))) { const url = request.nextUrl.clone(); url.pathname = "/"; return NextResponse.redirect(url); } return response; } export const config = { matcher: [ /* * Match all request paths except: * - _next/static (static files) * - _next/image (image optimization) * - favicon.ico (favicon) * - /api/* (API routes) * - /admin/* (admin routes - has its own auth) */ "/((?!_next/static|_next/image|favicon\\.ico|api/|admin).*)", ], };