Add a middleware layer, handle optimistic auth check on basic routes

Author: zgavin1

src/lib/api/user-session.ts

@@ -20,7 +20,7 @@ export const loginUser = async (
   var userSession: UserSession = defaultUserSession();
   var err: string = "";
 
-  const data = await axios
+  await axios
     .post(
       `${siteConfig.env.backendServiceURL}/login`,
       {
@@ -45,8 +45,8 @@ export const loginUser = async (
         // deserialize successfully, then downstream operations will see the default
         // userSessionData in state and we will experience subtle Bugs. We should consider
         // how best we want to handle this. Ex. clear auth cookie?
-        console.debug("userSessionData: ", userSessionData)
-        throw { message: 'Login Failed to produce valid User Session data' }
+        console.debug("userSessionData: ", userSessionData);
+        throw { message: "Login Failed to produce valid User Session data" };
       }
     })
     .catch(function (error: AxiosError) {
@@ -73,7 +73,7 @@ export const logoutUser = async (): Promise<string> => {
   const data = await axios
     .get(`${siteConfig.env.backendServiceURL}/logout`, {
       withCredentials: true,
-      setTimeout: 5000, // 5 seconds before timing out trying to log in with the backend
+      setTimeout: 5000, // 5 seconds before timing out trying to log out with the backend
     })
     .then(function (response: AxiosResponse) {
       // handle success

src/middleware.ts

@@ -0,0 +1,42 @@
+import { NextRequest, NextResponse } from "next/server";
+
+// 1. Specify protected and public routes
+const protectedRoutes = [
+  "/dashboard",
+  "/coaching-sessions",
+  "/settings",
+  "/profile",
+];
+const publicRoutes = ["/"];
+
+export default async function middleware(req: NextRequest) {
+  // 2. Check if the current route is protected or public
+  const path = req.nextUrl.pathname;
+  const isProtectedRoute = protectedRoutes.includes(path);
+  const isPublicRoute = publicRoutes.includes(path);
+
+  // 3. Decrypt the session from the cookie
+  const sessionCookie = req.cookies.get("id");
+  let session = sessionCookie?.value;
+
+  // 4. Redirect to / if the user is not authenticated
+  if (isProtectedRoute && !session) {
+    return NextResponse.redirect(new URL("/", req.nextUrl));
+  }
+
+  // 5. Redirect to /dashboard if the user is authenticated
+  if (
+    isPublicRoute &&
+    session &&
+    !req.nextUrl.pathname.startsWith("/dashboard")
+  ) {
+    return NextResponse.redirect(new URL("/dashboard", req.nextUrl));
+  }
+
+  return NextResponse.next();
+}
+
+// Routes Middleware should not run on
+export const config = {
+  matcher: ["/((?!api|_next/static|_next/image|.*\\.png$).*)"],
+};