Gladyson/openmonetis
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from Dionizioaf:fix/login_cookie_loop

Browse Source 
fix: replace session cookie validation with actual session check in p…
This commit is contained in:
Felipe Coutinho
2025-12-07 15:47:06 -03:00
committed by GitHub
parent e50b0d1532 244534921b
commit 9022b6d8fe
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
proxy.ts
View File

@@ -1,4 +1,4 @@
import { getSessionCookie } from "better-auth/cookies";
import { auth } from "@/lib/auth/config";
import { NextRequest, NextResponse } from "next/server";
// Rotas protegidas que requerem autenticação
@@ -19,12 +19,18 @@ const PROTECTED_ROUTES = [
// Rotas públicas (não requerem autenticação)
const PUBLIC_AUTH_ROUTES = ["/login", "/signup"];
export async function proxy(request: NextRequest) {
const sessionCookie = getSessionCookie(request);
export default async function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
// Validate actual session, not just cookie existence
const session = await auth.api.getSession({
headers: request.headers,
});
const isAuthenticated = !!session?.user;
// Redirect authenticated users away from login/signup pages
if (sessionCookie && PUBLIC_AUTH_ROUTES.includes(pathname)) {
if (isAuthenticated && PUBLIC_AUTH_ROUTES.includes(pathname)) {
return NextResponse.redirect(new URL("/dashboard", request.url));
}
@@ -33,7 +39,7 @@ export async function proxy(request: NextRequest) {
pathname.startsWith(route)
);
if (!sessionCookie && isProtectedRoute) {
if (!isAuthenticated && isProtectedRoute) {
return NextResponse.redirect(new URL("/login", request.url));
}