From 44fcd37366f931cdad746696821c3a78f468bfbf Mon Sep 17 00:00:00 2001
From: Michele <michele@mlhub.it>
Date: Sun, 1 Feb 2026 12:02:01 +0100
Subject: [PATCH] Fix middleware redirect URLs missing basePath

- Use request.nextUrl.clone() instead of new URL() for redirects
- This preserves the /leopost basePath in redirect URLs
- Fixes 404 error when unauthenticated user visits /dashboard

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 middleware.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/middleware.ts b/middleware.ts
index 6150a20..10dbe94 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -18,7 +18,9 @@ export async function middleware(request: NextRequest) {
   )
 
   if (isProtectedRoute && !user) {
-    const redirectUrl = new URL('/login/', request.url)
+    // Use nextUrl.clone() to preserve basePath in redirect
+    const redirectUrl = request.nextUrl.clone()
+    redirectUrl.pathname = '/login/'
     redirectUrl.searchParams.set('redirectTo', pathname)
     return NextResponse.redirect(redirectUrl)
   }
@@ -29,7 +31,10 @@ export async function middleware(request: NextRequest) {
   )
 
   if (isAuthRoute && user) {
-    return NextResponse.redirect(new URL('/dashboard/', request.url))
+    // Use nextUrl.clone() to preserve basePath in redirect
+    const url = request.nextUrl.clone()
+    url.pathname = '/dashboard/'
+    return NextResponse.redirect(url)
   }
 
   return supabaseResponse