fix(middleware): protect jobs/products/finance/connections routes
These DLS module routes were added in the previous bootstrap but the auth middleware's PROTECTED_PREFIXES list still mirrored isletmem's CRM modules, so /jobs/inbound etc. were returning 200 without a session and exposing the placeholder shell. Build smoke test caught it; layout-level redirect alone was not enforcing it for those paths.
This commit is contained in:
kovakmedya
+9
-1
@@ -16,7 +16,15 @@ const PUBLIC_AUTH_PATHS = [
|
||||
"/reset-password",
|
||||
];
|
||||
|
||||
const PROTECTED_PREFIXES = ["/dashboard", "/onboarding", "/settings"];
|
||||
const PROTECTED_PREFIXES = [
|
||||
"/dashboard",
|
||||
"/onboarding",
|
||||
"/settings",
|
||||
"/jobs",
|
||||
"/products",
|
||||
"/finance",
|
||||
"/connections",
|
||||
];
|
||||
|
||||
export function middleware(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl;
|
||||
|
||||
Reference in New Issue
Block a user