From 244534921b9b10fbff79777a024da17a45722bce Mon Sep 17 00:00:00 2001
From: Dionizio Ferreira
Date: Sun, 7 Dec 2025 09:50:55 -0300
Subject: [PATCH] fix: replace session cookie validation with actual session check in proxy middleware
---
 proxy.ts | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/proxy.ts b/proxy.ts
index 2633335..197c7e1 100644
--- a/proxy.ts
+++ b/proxy.ts
@@ -1,4 +1,4 @@
-import { getSessionCookie } from "better-auth/cookies";
+import { auth } from "@/lib/auth/config";
 import { NextRequest, NextResponse } from "next/server";
 // Rotas protegidas que requerem autenticação
@@ -19,12 +19,18 @@ const PROTECTED_ROUTES = [
 // Rotas públicas (não requerem autenticação)
 const PUBLIC_AUTH_ROUTES = ["/login", "/signup"];
-export async function proxy(request: NextRequest) {
- const sessionCookie = getSessionCookie(request);
+export default async function proxy(request: NextRequest) {
 const { pathname } = request.nextUrl;
+ // Validate actual session, not just cookie existence
+ const session = await auth.api.getSession({
+ headers: request.headers,
+ });
+
+ const isAuthenticated = !!session?.user;
+ // Redirect authenticated users away from login/signup pages
- if (sessionCookie && PUBLIC_AUTH_ROUTES.includes(pathname)) {
+ if (isAuthenticated && PUBLIC_AUTH_ROUTES.includes(pathname)) {
 return NextResponse.redirect(new URL("/dashboard", request.url));
 }
@@ -33,7 +39,7 @@ export async function proxy(request: NextRequest) {
 pathname.startsWith(route)
 );
- if (!sessionCookie && isProtectedRoute) {
+ if (!isAuthenticated && isProtectedRoute) {
 return NextResponse.redirect(new URL("/login", request.url));
 }
@@ -57,4 +63,4 @@ export const config = {
 "/login",
 "/signup",
 ],
-};
+};
\ No newline at end of file
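Review bot: The `await auth.api.getSession(...)` call added at the top of `proxy` has no error handling, so if the lookup rejects (for example because the session store is unreachable) every matched route fails, including `/login` and `/signup`. Catching the failure and treating the request as unauthenticated keeps the gate closed for protected routes while leaving the login page reachable, and logging the error keeps the outage visible. The same `isAuthenticated` value feeds the protected-route check in the next hunk, so one change covers both redirects. This redirect is presumably not the only check: the handlers and pages behind `PROTECTED_ROUTES` are not visible here and should still validate the session themselves. `proxy`'s body continues outside this hunk.

```typescript
  const { pathname } = request.nextUrl;

  // Validate actual session, not just cookie existence
  let session: Awaited<ReturnType<typeof auth.api.getSession>> | null = null;
  try {
    session = await auth.api.getSession({ headers: request.headers });
  } catch (error: unknown) {
    // Lookup failed: continue as unauthenticated so protected routes
    // redirect to /login instead of the proxy erroring on every request.
    console.error("proxy: session lookup failed", error);
  }

  const isAuthenticated = !!session?.user;
  // … unchanged: redirect checks for public and protected routes …
```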