database wf 11

2025-04-17 13:30:46 +02:00 · 2025-04-17 13:30:46 +02:00 · 68b01bbfb6
commit 68b01bbfb6
parent ec5108520b
2 changed files with 28 additions and 16 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -60,30 +60,36 @@ export const authOptions: NextAuthOptions = {
  },
  cookies: {
    sessionToken: {
-      name: `__Secure-next-auth.session-token`,
+      name: process.env.NODE_ENV === 'production' 
+        ? `__Secure-next-auth.session-token`
+        : `next-auth.session-token`,
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
-        secure: true
+        secure: process.env.NODE_ENV === 'production'
      }
    },
    callbackUrl: {
-      name: `__Secure-next-auth.callback-url`,
+      name: process.env.NODE_ENV === 'production'
+        ? `__Secure-next-auth.callback-url`
+        : `next-auth.callback-url`,
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
-        secure: true
+        secure: process.env.NODE_ENV === 'production'
      }
    },
    csrfToken: {
-      name: `__Host-next-auth.csrf-token`,
+      name: process.env.NODE_ENV === 'production'
+        ? `__Host-next-auth.csrf-token`
+        : `next-auth.csrf-token`,
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
-        secure: true
+        secure: process.env.NODE_ENV === 'production'
      }
    }
  },
--- a/middleware.ts
+++ b/middleware.ts
@ -3,8 +3,14 @@ import { NextResponse } from "next/server";

 export default withAuth(
  function middleware(req) {
-    // Allow access to the root path and signin page
-    if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/signin") {
+    // Allow access to public paths
+    if (
+      req.nextUrl.pathname === "/" ||
+      req.nextUrl.pathname === "/signin" ||
+      req.nextUrl.pathname.startsWith("/_next") ||
+      req.nextUrl.pathname.startsWith("/api/auth") ||
+      req.nextUrl.pathname.startsWith("/public")
+    ) {
      return NextResponse.next();
    }

@ -14,17 +20,17 @@ export default withAuth(
  {
    callbacks: {
      authorized: ({ token, req }) => {
-        // Allow access to the root path and signin page
-        if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/signin") {
+        // Allow access to public paths
+        if (
+          req.nextUrl.pathname === "/" ||
+          req.nextUrl.pathname === "/signin" ||
+          req.nextUrl.pathname.startsWith("/_next") ||
+          req.nextUrl.pathname.startsWith("/api/auth") ||
+          req.nextUrl.pathname.startsWith("/public")
+        ) {
          return true;
        }
        
-        // Check if the request is for an API route
-        if (req.nextUrl.pathname.startsWith('/api/')) {
-          // For API routes, require a valid token
-          return !!token;
-        }
-        
        // For all other routes, require a valid token
        return !!token;
      },