güncelleme

middleware.ts

@@ -38,11 +38,19 @@ export async function middleware(request: NextRequest) {
     } = await supabase.auth.getUser();
 
     // Protected routes
-    if (!user && request.nextUrl.pathname.startsWith("/dashboard")) {
-        return NextResponse.redirect(new URL("/login", request.url));
+    if (request.nextUrl.pathname.startsWith("/dashboard")) {
+        if (!user) {
+            return NextResponse.redirect(new URL("/login", request.url));
+        }
+
+        // 2FA Check
+        const isVerified = request.cookies.get('parakasa_2fa_verified')?.value === 'true'
+        if (!isVerified) {
+            return NextResponse.redirect(new URL("/verify-2fa", request.url));
+        }
     }
 
-    // Redirect to dashboard if logged in and trying to access auth pages
+    // Redirect to dashboard (or verify) if logged in
     if (user && (request.nextUrl.pathname.startsWith("/login") || request.nextUrl.pathname.startsWith("/signup"))) {
         return NextResponse.redirect(new URL("/dashboard", request.url));
     }