The dashboard middleware was treating /dashboard/api/v1/* as protected dashboard pages, so even the login request:
Build & Deploy / Build & Push Docker Image (push) Successful in 2m49s
Test / Type Check (all packages) (push) Successful in 53s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 47s
Test / Homepage Unit Tests (push) Successful in 43s
Test / Storefront Unit Tests (push) Successful in 40s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s

/dashboard/api/v1/auth/employee/login
was getting 307 redirected to /dashboard/sign-in. That meant sign-in could never set/read the employee_session cookie, and every dashboard page kept bouncing back to sign-in.
This commit is contained in:
root
2026-07-02 14:19:45 -04:00
parent 781512399b
commit b45f84d62b
2 changed files with 10 additions and 0 deletions
+9
View File
@@ -122,4 +122,13 @@ describe('dashboard middleware', () => {
expect(response).toEqual({ kind: 'next' })
expect(nextServer.next).toHaveBeenCalledTimes(1)
})
it('allows dashboard API requests through so auth endpoints can set and read cookies', async () => {
const { default: middleware } = await loadMiddleware()
const response = middleware(request('https://workspace.example.com/dashboard/api/v1/auth/employee/login') as never)
expect(response).toEqual({ kind: 'next' })
expect(nextServer.redirect).not.toHaveBeenCalled()
})
})
+1
View File
@@ -67,6 +67,7 @@ function isInternalHost(host: string | null): boolean {
function isProtectedRoute(req: NextRequest) {
const pathname = toDashboardAppPath(req.nextUrl.pathname)
if (pathname === '/api' || pathname.startsWith('/api/') || pathname === '/trpc' || pathname.startsWith('/trpc/')) return false
if (['/sign-in', '/sign-up', '/forgot-password', '/reset-password', '/onboarding', '/verify-email'].some((p) => pathname === p || pathname.startsWith(p + '/'))) return false
return pathname === '/' || (pathname.startsWith('/') && !pathname.startsWith('/_next'))
}