ugh

2025-03-23 23:53:45 +00:00
parent edc220bc5d
commit 3413e3b1e8
8 changed files with 122 additions and 88 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -2,15 +2,29 @@ import { NextResponse } from "next/server";
 import type { NextRequest } from "next/server";

 export async function middleware(req: NextRequest) {
+  // Check for auth token in cookies
  const token = req.cookies.get("Authorization")?.value;
-
+  
+  // Debug info about all cookies
+  const allCookies = req.cookies.getAll();
+  console.log("Middleware: All cookies:", allCookies.map(c => c.name).join(', '));
+  
  if (!token) {
-    console.log("Middleware: No token found, redirecting to login...");
-    return NextResponse.redirect(new URL("/auth/login", req.url));
+    // Try to get from Authorization header as fallback
+    const authHeader = req.headers.get('Authorization');
+    
+    if (authHeader?.startsWith('Bearer ')) {
+      console.log("Middleware: Token found in Authorization header");
+      // Continue with validation using header auth
+      // The authCheckUrl will handle extracting the token from header
+    } else {
+      console.log("Middleware: No token found in cookies or headers, redirecting to login...");
+      return NextResponse.redirect(new URL("/auth/login", req.url));
+    }
+  } else {
+    console.log("Middleware: Token found in cookies, validating...");
  }

-  console.log("Middleware: Token found, validating...");
-
  try {
    // Get the origin but handle localhost differently to avoid SSL issues
    const origin = req.nextUrl.origin;
@@ -24,13 +38,17 @@ export async function middleware(req: NextRequest) {
    
    console.log(`Using internal auth check URL: ${authCheckUrl}`);
    
+    // Clone headers to avoid modifying the original request
+    const headers = new Headers(req.headers);
+    
+    // If token is in cookie, ensure it's also in Authorization header
+    if (token && !headers.has('Authorization')) {
+      headers.set('Authorization', `Bearer ${token}`);
+    }
+    
    const res = await fetch(authCheckUrl, {
      method: "GET",
-      headers: {
-        "Content-Type": "application/json",
-        // Explicitly pass the token in headers as well
-        "Authorization": `Bearer ${token}`
-      },
+      headers,
      credentials: 'include',
    });