kovakmedya/lab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(middleware): protect jobs/products/finance/connections routes

Browse Source 
These DLS module routes were added in the previous bootstrap but the auth
middleware's PROTECTED_PREFIXES list still mirrored isletmem's CRM modules,
so /jobs/inbound etc. were returning 200 without a session and exposing the
placeholder shell. Build smoke test caught it; layout-level redirect alone
was not enforcing it for those paths.
This commit is contained in:
kovakmedya
2026-05-21 18:46:31 +03:00
parent 92c3b53e39
commit 1dd8627c30
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/middleware.ts
+9 -1
View File
@@ -16,7 +16,15 @@ const PUBLIC_AUTH_PATHS = [
"/reset-password", "/reset-password",
]; ];
const PROTECTED_PREFIXES = ["/dashboard", "/onboarding", "/settings"]; const PROTECTED_PREFIXES = [
"/dashboard",
"/onboarding",
"/settings",
"/jobs",
"/products",
"/finance",
"/connections",
];
export function middleware(request: NextRequest) { export function middleware(request: NextRequest) {
const { pathname } = request.nextUrl; const { pathname } = request.nextUrl;