feat(01-05): add middleware for session refresh and route protection

- Create updateSession helper for Supabase session management - Add main middleware with protected and auth route handling - Configure matcher to exclude static files for performance - Session refresh on every request prevents random logouts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 13:36:36 +01:00
parent d5a69fd8c4
commit 6cfe58e96d
2 changed files with 86 additions and 0 deletions
--- a/src/lib/supabase/middleware.ts
+++ b/src/lib/supabase/middleware.ts
@@ -0,0 +1,37 @@
+import { createServerClient } from '@supabase/ssr'
+import { NextResponse, type NextRequest } from 'next/server'
+
+export async function updateSession(request: NextRequest) {
+  let supabaseResponse = NextResponse.next({
+    request,
+  })
+
+  const supabase = createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return request.cookies.getAll()
+        },
+        setAll(cookiesToSet) {
+          cookiesToSet.forEach(({ name, value }) =>
+            request.cookies.set(name, value)
+          )
+          supabaseResponse = NextResponse.next({
+            request,
+          })
+          cookiesToSet.forEach(({ name, value, options }) =>
+            supabaseResponse.cookies.set(name, value, options)
+          )
+        },
+      },
+    }
+  )
+
+  // IMPORTANT: Do not remove this line
+  // Refreshing the auth token is crucial for keeping the session alive
+  const { data: { user } } = await supabase.auth.getUser()
+
+  return { supabaseResponse, user }
+}