The dashboard middleware was treating /dashboard/api/v1/* as protected dashboard pages, so even the login request:
Build & Deploy / Build & Push Docker Image (push) Successful in 2m49s
Test / Type Check (all packages) (push) Successful in 53s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 47s
Test / Homepage Unit Tests (push) Successful in 43s
Test / Storefront Unit Tests (push) Successful in 40s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
Build & Deploy / Build & Push Docker Image (push) Successful in 2m49s
Test / Type Check (all packages) (push) Successful in 53s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 47s
Test / Homepage Unit Tests (push) Successful in 43s
Test / Storefront Unit Tests (push) Successful in 40s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
/dashboard/api/v1/auth/employee/login was getting 307 redirected to /dashboard/sign-in. That meant sign-in could never set/read the employee_session cookie, and every dashboard page kept bouncing back to sign-in.
This commit is contained in:
@@ -122,4 +122,13 @@ describe('dashboard middleware', () => {
|
||||
expect(response).toEqual({ kind: 'next' })
|
||||
expect(nextServer.next).toHaveBeenCalledTimes(1)
|
||||
})
|
||||
|
||||
it('allows dashboard API requests through so auth endpoints can set and read cookies', async () => {
|
||||
const { default: middleware } = await loadMiddleware()
|
||||
|
||||
const response = middleware(request('https://workspace.example.com/dashboard/api/v1/auth/employee/login') as never)
|
||||
|
||||
expect(response).toEqual({ kind: 'next' })
|
||||
expect(nextServer.redirect).not.toHaveBeenCalled()
|
||||
})
|
||||
})
|
||||
|
||||
@@ -67,6 +67,7 @@ function isInternalHost(host: string | null): boolean {
|
||||
|
||||
function isProtectedRoute(req: NextRequest) {
|
||||
const pathname = toDashboardAppPath(req.nextUrl.pathname)
|
||||
if (pathname === '/api' || pathname.startsWith('/api/') || pathname === '/trpc' || pathname.startsWith('/trpc/')) return false
|
||||
if (['/sign-in', '/sign-up', '/forgot-password', '/reset-password', '/onboarding', '/verify-email'].some((p) => pathname === p || pathname.startsWith(p + '/'))) return false
|
||||
return pathname === '/' || (pathname.startsWith('/') && !pathname.startsWith('/_next'))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user