refactor: 🛠️ Enhance authentication middleware to improve user redirection logic and prevent redirect loops

yashksaini-coder · yashksaini-coder · commit 7ec7d7e5507a · 2025-03-03T21:22:01.000+05:30
diff --git a/utils/supabase/middleware.ts b/utils/supabase/middleware.ts
@@ -27,61 +27,33 @@ export async function updateSession(request: NextRequest) {
     }
   )
 
-  // Do not run code between createServerClient and
-  // supabase.auth.getUser(). A simple mistake could make it very hard to debug
-  // issues with users being randomly logged out.
-
   // IMPORTANT: DO NOT REMOVE auth.getUser()
-
   const {
     data: { user },
   } = await supabase.auth.getUser()
-  // if (
-  //   !user &&
-  //   !request.nextUrl.pathname.startsWith('/login') &&
-  //   !request.nextUrl.pathname.startsWith('/auth')
-  // ) {
-  //   // no user, potentially respond by redirecting the user to the login page
-  //   const url = request.nextUrl.clone()
-  //   url.pathname = '/login'
-  //   return NextResponse.redirect(url)
-  // }
 
+  // Protected routes check - redirect to signin if not authenticated
   if (
     !user && (request.nextUrl.pathname.startsWith('/dashboard'))
   ) {
-    // no user, potentially respond by redirecting the user to the login page
     const url = request.nextUrl.clone()
     url.pathname = '/auth/signin'
     return NextResponse.redirect(url)
   }
 
-
-
+  // Redirect authenticated users away from auth pages
   if (
     user &&
     (request.nextUrl.pathname === '/' ||
       request.nextUrl.pathname.startsWith('/auth/signin') ||
       request.nextUrl.pathname.startsWith('/auth/signup'))
   ) {
-    // user exists and route is / or /auth/signin or /auth/signup, redirect to /dashboard
+    // Add a cache-busting parameter to avoid redirect loops
     const url = request.nextUrl.clone()
     url.pathname = '/dashboard'
+    url.searchParams.set('_ts', Date.now().toString())
     return NextResponse.redirect(url)
   }
 
-  // IMPORTANT: You *must* return the supabaseResponse object as it is.
-  // If you're creating a new response object with NextResponse.next() make sure to:
-  // 1. Pass the request in it, like so:
-  //    const myNewResponse = NextResponse.next({ request })
-  // 2. Copy over the cookies, like so:
-  //    myNewResponse.cookies.setAll(supabaseResponse.cookies.getAll())
-  // 3. Change the myNewResponse object to fit your needs, but avoid changing
-  //    the cookies!
-  // 4. Finally:
-  //    return myNewResponse
-  // If this is not done, you may be causing the browser and server to go out
-  // of sync and terminate the user's session prematurely!
-
   return supabaseResponse
 }
