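import { createServerClient } from "@supabase/ssr";
import { NextResponse, type NextRequest } from "next/server";

/**
 * Request middleware: builds a Supabase server client bound to the request
 * cookies, resolves the current user, and applies the routing rules below.
 *
 * - `/dashboard*` requires a signed-in user and the 2FA marker cookie;
 *   otherwise the request is redirected to `/login` or `/verify-2fa`.
 * - `/login*` and `/signup*` redirect a signed-in user to `/dashboard`.
 * - Everything else passes through with the (possibly refreshed) cookies.
 *
 * This is a routing-layer gate only. Server components, route handlers and
 * server actions behind `/dashboard` should re-check the user themselves
 * rather than rely on this file having run.
 *
 * @param request - The incoming request.
 * @returns A pass-through response or a redirect, carrying any cookies the
 *          Supabase client asked to set.
 */
export async function middleware(request: NextRequest) {
  let response = NextResponse.next({
    request: { headers: request.headers },
  });

  const supabase = createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        getAll() {
          return request.cookies.getAll();
        },
        setAll(cookiesToSet) {
          // Mirror the new values onto the request so downstream handlers see them.
          cookiesToSet.forEach(({ name, value }) =>
            request.cookies.set(name, value)
          );
          // Rebuild the pass-through response from the updated request, then
          // attach the cookies (with their options) for the browser.
          response = NextResponse.next({
            request: { headers: request.headers },
          });
          cookiesToSet.forEach(({ name, value, options }) =>
            response.cookies.set(name, value, options)
          );
        },
      },
    }
  );

  // Resolving the user is where the client may call setAll (for example when
  // it refreshes the session), so `response` must be read only after this.
  const {
    data: { user },
  } = await supabase.auth.getUser();

  /**
   * Builds a redirect that keeps the cookies already queued on `response`.
   * A bare NextResponse.redirect() would drop them, so a session refreshed
   * during this request would never reach the browser.
   */
  const redirectTo = (path: string) => {
    const redirect = NextResponse.redirect(new URL(path, request.url));
    response.cookies
      .getAll()
      .forEach((cookie) => redirect.cookies.set(cookie));
    return redirect;
  };

  const { pathname } = request.nextUrl;

  // Protected routes
  if (pathname.startsWith("/dashboard")) {
    if (!user) {
      return redirectTo("/login");
    }

    // 2FA check
    // NOTE(review): this flag is read straight from a request cookie and
    // compared to the literal 'true'. Nothing visible here signs it or ties it
    // to `user`, so the browser decides its value and the gate is only
    // advisory. Derive second-factor state from something the server controls
    // (the session's assurance level, or a signed value bound to the
    // user/session) and confirm it is cleared at sign-out.
    const isVerified =
      request.cookies.get("parakasa_2fa_verified")?.value === "true";
    if (!isVerified) {
      return redirectTo("/verify-2fa");
    }
  }

  // Signed-in users do not need the auth pages; the /dashboard rules above
  // then send them on to /verify-2fa if the second factor is still pending.
  if (user && (pathname.startsWith("/login") || pathname.startsWith("/signup"))) {
    return redirectTo("/dashboard");
  }

  return response;
}

export const config = {
  matcher: [
    // Run on every path except Next.js static/image assets, the favicon and
    // anything ending in a common image extension.
    // NOTE(review): the extension rule applies to any path, so a URL under
    // /dashboard that ends in e.g. `.png` never reaches the checks above;
    // make sure no protected content is served from such paths.
    "/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
  ],
};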