The dashboard middleware was treating /dashboard/api/v1/* as protected dashboard pages, so even the login request:
Build & Deploy / Build & Push Docker Image (push) Successful in 2m49s
Test / Type Check (all packages) (push) Successful in 53s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 47s
Test / Homepage Unit Tests (push) Successful in 43s
Test / Storefront Unit Tests (push) Successful in 40s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
Build & Deploy / Build & Push Docker Image (push) Successful in 2m49s
Test / Type Check (all packages) (push) Successful in 53s
Build & Deploy / Deploy to VPS (push) Successful in 3s
Test / API Unit Tests (push) Successful in 47s
Test / Homepage Unit Tests (push) Successful in 43s
Test / Storefront Unit Tests (push) Successful in 40s
Test / Admin Unit Tests (push) Successful in 42s
Test / Dashboard Unit Tests (push) Successful in 41s
Test / API Integration Tests (push) Successful in 1m0s
/dashboard/api/v1/auth/employee/login was getting 307 redirected to /dashboard/sign-in. That meant sign-in could never set/read the employee_session cookie, and every dashboard page kept bouncing back to sign-in.
This commit is contained in:
@@ -122,4 +122,13 @@ describe('dashboard middleware', () => {
|
|||||||
expect(response).toEqual({ kind: 'next' })
|
expect(response).toEqual({ kind: 'next' })
|
||||||
expect(nextServer.next).toHaveBeenCalledTimes(1)
|
expect(nextServer.next).toHaveBeenCalledTimes(1)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('allows dashboard API requests through so auth endpoints can set and read cookies', async () => {
|
||||||
|
const { default: middleware } = await loadMiddleware()
|
||||||
|
|
||||||
|
const response = middleware(request('https://workspace.example.com/dashboard/api/v1/auth/employee/login') as never)
|
||||||
|
|
||||||
|
expect(response).toEqual({ kind: 'next' })
|
||||||
|
expect(nextServer.redirect).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -67,6 +67,7 @@ function isInternalHost(host: string | null): boolean {
|
|||||||
|
|
||||||
function isProtectedRoute(req: NextRequest) {
|
function isProtectedRoute(req: NextRequest) {
|
||||||
const pathname = toDashboardAppPath(req.nextUrl.pathname)
|
const pathname = toDashboardAppPath(req.nextUrl.pathname)
|
||||||
|
if (pathname === '/api' || pathname.startsWith('/api/') || pathname === '/trpc' || pathname.startsWith('/trpc/')) return false
|
||||||
if (['/sign-in', '/sign-up', '/forgot-password', '/reset-password', '/onboarding', '/verify-email'].some((p) => pathname === p || pathname.startsWith(p + '/'))) return false
|
if (['/sign-in', '/sign-up', '/forgot-password', '/reset-password', '/onboarding', '/verify-email'].some((p) => pathname === p || pathname.startsWith(p + '/'))) return false
|
||||||
return pathname === '/' || (pathname.startsWith('/') && !pathname.startsWith('/_next'))
|
return pathname === '/' || (pathname.startsWith('/') && !pathname.startsWith('/_next'))
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user