diff --git a/proxy.ts b/proxy.ts
index 60b97f47fe..d89ddc1286 100644
--- a/proxy.ts
+++ b/proxy.ts
@@ -3,16 +3,13 @@ import { getToken } from "next-auth/jwt";
 import { guestRegex, isDevelopmentEnvironment } from "./lib/constants";
 export async function proxy(request: NextRequest) {
- const { pathname } = request.nextUrl;
+ const { pathname, origin } = request.nextUrl;
- if (pathname.startsWith("/ping")) {
- return new Response("pong", { status: 200 });
- }
-
- if (pathname.startsWith("/api/auth")) {
- return NextResponse.next();
- }
+ // Quick responses for simple paths
+ if (pathname.startsWith("/ping")) return new Response("pong", { status: 200 });
+ if (pathname.startsWith("/api/auth")) return NextResponse.next();
+ // Get token once
 const token = await getToken({
 req: request,
 secret: process.env.AUTH_SECRET,
@@ -21,18 +18,21 @@ export async function proxy(request: NextRequest) {
 const base = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
- if (!token) {
- const redirectUrl = encodeURIComponent(new URL(request.url).pathname);
+ // Precompute redirect URL once
+ const redirectUrl = encodeURIComponent(pathname);
+ // Guest redirect if not authenticated
+ if (!token) {
 return NextResponse.redirect(
- new URL(`${base}/api/auth/guest?redirectUrl=${redirectUrl}`, request.url)
+ new URL(`${base}/api/auth/guest?redirectUrl=${redirectUrl}`, origin)
 );
 }
- const isGuest = guestRegex.test(token?.email ?? "");
+ const isGuest = guestRegex.test(token.email ?? "");
- if (token && !isGuest && ["/login", "/register"].includes(pathname)) {
- return NextResponse.redirect(new URL(`${base}/`, request.url));
+ // Authenticated users shouldn't access login/register
+ if (!isGuest && (pathname === "/login" || pathname === "/register")) {
+ return NextResponse.redirect(new URL(`${base}/`, origin));
 }
 return NextResponse.next();
@@ -45,7 +45,6 @@ export const config = {
 "/api/:path*",
 "/login",
 "/register",
-
 "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
 ],
 };
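Review bot: Both early returns in the first hunk still match by prefix, so a path that merely begins with `/ping` or `/api/auth` (a later `/api/authors` route, say) returns before `getToken` runs and never reaches the guest-redirect check further down in `proxy`, whose body continues past this hunk. Since these lines are being rewritten anyway, anchor them to a whole path segment: `if (pathname === "/ping") return new Response("pong", { status: 200 });` and `if (pathname === "/api/auth" || pathname.startsWith("/api/auth/")) return NextResponse.next();`. The added comment would also help more if it said the exemption is deliberate, e.g. `// Unauthenticated by design: health check and the auth endpoints themselves`.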
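Review bot: In the second hunk `redirectUrl` is now taken from `request.nextUrl.pathname` rather than `new URL(request.url).pathname`, and the two may differ when a base path is configured, because `nextUrl` keeps `basePath` separate from `pathname`; with `NEXT_PUBLIC_BASE_PATH` set, the guest flow could send the user back to a path without the prefix, so this deserves a test with a non-empty base path. The value is still the raw request path, so it is caller-controlled: the `/api/auth/guest` handler, which is outside this diff, should accept only a same-origin relative path (a single leading `/`, no scheme or host) before redirecting to it. A short comment at the computation, such as `// caller-controlled path; validated again in /api/auth/guest`, would record that contract. The function starts before this hunk and ends just after it.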