Patrick Plate
fe6e96dd3f
Shadboard starter-kit (Next.js 15 + React 19 + shadcn/ui + Tailwind 4) Sprint 4.a — Admin Dashboard: - Auth: NextAuth.js v5, login page, middleware, token rotation - Dashboard: KPI cards, Recharts stock chart, quick actions - Members: TanStack Table (search/sort/paginate), add/edit forms - Distributions: multi-step form, real-time quota check, history - Stock: batch management, recall dialog, bar chart - Reports: monthly/member-list/recall, PDF/CSV download, preview Sprint 4.b — Member Portal: - Separate route group with top-nav layout (mobile-first) - Quota dashboard with radial SVG progress indicators - Distribution history with month filter - Profile/settings with password change Cross-cutting: - i18n: German (default) + English via next-intl - Dark + light mode (next-themes, user-togglable) - Playwright E2E tests (6/6 green) - Docker multi-stage build (node:22-alpine) - API proxy via Next.js rewrites Tech: Next.js 15.2.8, React 19, Tailwind 4, NextAuth v5, TanStack Table, Recharts, Zod, React Hook Form, Playwright
68 lines
1.9 KiB
TypeScript
68 lines
1.9 KiB
TypeScript
import { NextResponse } from "next/server"
|
|
|
|
import { auth } from "@/lib/auth"
|
|
|
|
export default auth((req) => {
|
|
const { nextUrl } = req
|
|
const isAuthenticated = !!req.auth
|
|
|
|
// Public routes that don't require authentication
|
|
const publicRoutes = [
|
|
"/login",
|
|
"/register",
|
|
"/forgot-password",
|
|
"/api/auth",
|
|
"/portal-login",
|
|
]
|
|
const isPublicRoute = publicRoutes.some((route) =>
|
|
nextUrl.pathname.startsWith(route)
|
|
)
|
|
|
|
// Portal routes — allow without admin auth (mock for now)
|
|
const isPortalRoute = nextUrl.pathname.startsWith("/portal")
|
|
|
|
if (isPublicRoute || isPortalRoute) {
|
|
// If user is already authenticated and tries to access login, redirect based on role
|
|
if (isAuthenticated && nextUrl.pathname.startsWith("/login")) {
|
|
const role = req.auth?.user?.role
|
|
const redirectPath = getRedirectForRole(role)
|
|
return NextResponse.redirect(new URL(redirectPath, nextUrl))
|
|
}
|
|
return NextResponse.next()
|
|
}
|
|
|
|
// Redirect unauthenticated users to login
|
|
if (!isAuthenticated) {
|
|
const loginUrl = new URL("/login", nextUrl)
|
|
loginUrl.searchParams.set("callbackUrl", nextUrl.pathname)
|
|
return NextResponse.redirect(loginUrl)
|
|
}
|
|
|
|
return NextResponse.next()
|
|
})
|
|
|
|
function getRedirectForRole(role: string | undefined): string {
|
|
switch (role) {
|
|
case "ADMIN":
|
|
case "STAFF":
|
|
case "PREVENTION_OFFICER":
|
|
return "/dashboard"
|
|
case "MEMBER":
|
|
return "/portal/dashboard"
|
|
default:
|
|
return "/dashboard"
|
|
}
|
|
}
|
|
|
|
export const config = {
|
|
matcher: [
|
|
// Protect all routes EXCEPT:
|
|
// - /login, /register, /forgot-password (auth pages)
|
|
// - /portal-login (portal auth page)
|
|
// - /api/auth (NextAuth API routes)
|
|
// - /_next/static, /_next/image (Next.js internals)
|
|
// - /favicon.ico, /images (public assets)
|
|
"/((?!login|register|forgot-password|portal-login|api/auth|_next/static|_next/image|favicon.ico|images).*)",
|
|
],
|
|
}
|