hmm

app/auth/login/page.tsx

@@ -120,7 +120,7 @@ export default function LoginPage() {
     setIsLoading(true);
 
     try {
-      const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/login`, {
+      const response = await fetch(`/api/auth/login`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ username, password }),

app/auth/register/page.tsx

@@ -22,7 +22,7 @@ export default function RegisterPage() {
     setLoading(true);
 
     const res = await fetchData(
-      `${process.env.NEXT_PUBLIC_API_URL}/auth/register`,
+      `/api/auth/register`,
       {
         method: "POST",
         headers: { "Content-Type": "application/json" },

middleware.ts

@@ -10,17 +10,19 @@ export async function middleware(req: NextRequest) {
   }
 
   try {
-    // Use SERVER_API_URL which should be set to a working URL in the .env files
+    // Use our internal API route that handles the auth check server-side
-    const apiUrl = process.env.SERVER_API_URL || 'https://internal-api.inboxi.ng/api';
+    // This avoids SSL issues as it's a same-origin request
-    console.log(`Using API URL for authentication: ${apiUrl}/auth/me`);
+    const origin = req.nextUrl.origin;
+    const authCheckUrl = `${origin}/api/auth/check`;
     
-    const res = await fetch(`${apiUrl}/auth/me`, {
+    console.log(`Using internal auth check URL: ${authCheckUrl}`);
+    
+    const res = await fetch(authCheckUrl, {
       method: "GET",
       headers: {
         "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
       },
-      // No Node.js-specific options as middleware runs in Edge Runtime
+      credentials: 'include',
     });
 
     if (!res.ok) {