Can you explain more on what is the expected behavior and what is the actual behavior of the middleware in prod

If the user is not authenticated, they should be redirected to /auth and should never go to /
if the user is authenticated, then they should not be able to see /auth page but /
basically, the middleware is not "checking" some pages, so sometimes when I am not authenticated I am able to go to / and vice versa

If am authenticated I can also go to /auth

this is my current code:

import { NextRequest, NextResponse } from 'next/server'
import { cookies } from 'next/headers'

const protectedRoutes = ['/']
const publicRoutes = ['/auth']

export default async function middleware(req: NextRequest) {
  const path = req.nextUrl.pathname

  const isProtectedRoute = protectedRoutes.includes(path)
  const isPublicRoute = publicRoutes.includes(path)

  const cookie = cookies().get('token')?.value

  if (isProtectedRoute && !cookie) {
    return NextResponse.redirect(new URL('/auth', req.nextUrl))
  }

  if (isPublicRoute && !!cookie) {
    return NextResponse.redirect(new URL('/', req.nextUrl))
  }

  return NextResponse.next()
}

I removed matcher on purpose

I just copied this example from vercel/nextjs docs anda adapted to my use case

I believe the reason is that (auth) is on parenthesis so its not being take in count as a route , just as a layout group, if you want to use/auth/... try removing those parenthesis , also you have to folders with () at the same level that have a page on them , that can cause problem bc you have to pages with the same route / doesnt know if go to (auth) or (main)

i could be wrong tho , I'm still new too , but I was having a similar problem a few days ago

In relation to what cheka said above, are your file routes literally named "(main)" and "(auth)"? If so, try removing the parenthesis and check again

hummm I see

yes

but should I keep auth/page.tsx?

with layout etc?

yes keeping the layout and page on auth its ok

it will take the loot layout first

and then put the auth layout inside it

but how do I avoid the creation of multiple layouts?

and then the page

is it bad to keep?

leave ( ) on both but just leave a page.tsx

on one of them

for login regites etc

should I keep the folder called main?

make (auth)/login/page.tsx

i have something similar that you want lemme

take a screenshot

You can keep the parenthesis on the main one so that the page.tsx under it becomes the path "/". The page.tsx on the auth then becomes "/auth"

|-- app
|--- (main)
|---- layout.tsx
|---- page.tsx
|--- auth
|---- layout.tsx
|---- page.tsx
|--- layout.tsx

ok I see
this is what I have

You can delete the layouts under main and auth, unless you're doing something specific for those routes

my guess he wants them there bc i think he wants a layout for main and auth

yeah but i can still go to auth page

yes

different layouts as you guys can see in the recording

ok so in that case

after log in you shuld be redirected

to the dashboard right?

right

but this is already happening

const isProtectedRoute = protectedRoutes.includes(path)

I just want to prevent typing /auth in the url and go to auth

ok so just to make sure

try with a console.log

after thos booleans

too see what they are returning

I mean, locally this is working perfectly

it's bad to send logs to prod

it doesn't make sense right

aah forgot that you were doing this on prod

yeah

that's pretty bad and doesn't make sense tbh

I also tried building the application and running like prod with npm run start

nothing happened either

to make sure

is the cookie there?

(Isprotectedroute && !cookie) is (false && false) which makes it true?

Thus redirecting to /auth

yes it's

hmmm

I see

I have something similar, maybe you can do this logic instead

export default auth((req) => {
  const { nextUrl } = req;
  const isLoggedIn = !!req.auth;

  const isApiAuthRoute = nextUrl.pathname.startsWith(apiAuthPrefix);
  const isPublicRoute = publicRoutes.includes(nextUrl.pathname);
  const isAuthRoute = authRoutes.includes(nextUrl.pathname);

  if (isApiAuthRoute) {
    return;
  }

  if (isAuthRoute) {
    if (isLoggedIn) {
      return Response.redirect(new URL(DEFAULT_LOGIN_REDIRECT, nextUrl));
    }
    return;
  }

  if (!isLoggedIn && !isPublicRoute) {
    return Response.redirect(new URL("/auth/login", nextUrl));
  }

  return;

})

Dint include auth routes in public routes

oooh true

what auth are you using?

so are you protecting them?

custom auth from my api

Route.ts

// Public routes
export const publicRoutes = [
"/"
];

export const authRoutes = [
'/auth/login',
'/auth/register',
'/auth/error',
'/auth/reset',
'/auth/new-verification',
'/auth/new-password'
];

export const apiAuthPrefix = '/api/auth';

export const DEFAULT_LOGIN_REDIRECT = "/settings"

Yes

Im checking if the route is an auth route, then check if user logged in, if so, redirect to home page

This was from code with antonio auth v5 tutorial in youtube

ok and what about your folder structure?

8 hours tutorial deep dive on next-auth / auth.js

do you have (auth)/login/page.tsx?

Actually come chrck it here

My repo is public

oh mate, I appreciate

This repo has 2FA, password reset, email confirmation etc

yeah yeah thanks, I'll take a look

the most boring thing is to deploy this to prod to test

lmao

Real

sent to prod, praying xD

still not working

😮‍💨 what does the new middleware look like

import { NextRequest, NextResponse } from 'next/server'
import { cookies } from 'next/headers'

const authRoutes = ['/auth/login']

export default async function middleware(req: NextRequest) {
const path = req.nextUrl.pathname
const isAuthenticated = !!cookies().get('token')?.value

const isAuthRoutes = authRoutes.includes(path)

if (isAuthRoutes) {
if (isAuthenticated) {
return Response.redirect(new URL('/', req.nextUrl))
}

return
}

if (!isAuthenticated) {
return Response.redirect(new URL('/auth/login', req.nextUrl))
}

return NextResponse.next()
}

// Routes Middleware should not run on
export const config = {
matcher: ['/((?!api|_next/static|_next/image|.\.png$).)'],
}

I also changed (main) to (protected) just like you

and created inside auth a folder called login with a page inside

auth/login/page.tsx

&752637460550385834 can someone from next help me with this here?

Don't ping moderators for non-moderation issues.