| import { NextResponse } from "next/server"; | |
| import type { NextRequest } from "next/server"; | |
| const PROTECTED_ROUTES = ["/jobs", "/applications", "/profile", "/resume", "/settings"]; | |
| const AUTH_ROUTES = ["/login", "/register"]; | |
| export function middleware(request: NextRequest) { | |
| const { pathname } = request.nextUrl; | |
| // Check for auth token in cookies or authorization header | |
| const token = | |
| request.cookies.get("access_token")?.value || | |
| request.headers.get("authorization")?.replace("Bearer ", ""); | |
| // For client-side auth (localStorage), we check via a custom header or skip server-side check | |
| // The actual auth guard is done client-side via useAuthStore | |
| // This middleware handles basic route protection | |
| const isProtected = PROTECTED_ROUTES.some((route) => pathname.startsWith(route)); | |
| const isAuthRoute = AUTH_ROUTES.some((route) => pathname.startsWith(route)); | |
| // If authenticated user visits auth pages, redirect to dashboard | |
| if (isAuthRoute && token) { | |
| return NextResponse.redirect(new URL("/jobs", request.url)); | |
| } | |
| return NextResponse.next(); | |
| } | |
| export const config = { | |
| matcher: ["/((?!api|_next/static|_next/image|favicon.ico|public).*)"], | |
| }; | |