import { NextResponse } from "next/server"; import type { NextRequest } from "next/server"; const PROTECTED_ROUTES = ["/jobs", "/applications", "/profile", "/resume", "/settings"]; const AUTH_ROUTES = ["/login", "/register"]; export function middleware(request: NextRequest) { const { pathname } = request.nextUrl; // Check for auth token in cookies or authorization header const token = request.cookies.get("access_token")?.value || request.headers.get("authorization")?.replace("Bearer ", ""); // For client-side auth (localStorage), we check via a custom header or skip server-side check // The actual auth guard is done client-side via useAuthStore // This middleware handles basic route protection const isProtected = PROTECTED_ROUTES.some((route) => pathname.startsWith(route)); const isAuthRoute = AUTH_ROUTES.some((route) => pathname.startsWith(route)); // If authenticated user visits auth pages, redirect to dashboard if (isAuthRoute && token) { return NextResponse.redirect(new URL("/jobs", request.url)); } return NextResponse.next(); } export const config = { matcher: ["/((?!api|_next/static|_next/image|favicon.ico|public).*)"], };