15.3.1 middleware issue

[accountunavaible]

Summary

I am using middleware to redirect my user. Somehow all other paths are protected, just not /login path.

/login path is placed under (auth) group routes.

here is the code:

export async function middleware(request: NextRequest) {
  const { pathname, searchParams } = request.nextUrl;

  const access = await getSession<UserAccess>(ACCESS_SESSION_NAME);
  const isLoggedIn = access?.isLoggedIn ?? false;
  const isAdmin = access?.isAdmin ?? false;

  const isMaintenance = process.env.MAINTENANCE_MODE === 'true';

  const accessKey = searchParams.get('access');
  const validAccessKey = process.env.MAINTENANCE_ACCESS_KEY;
  const hasValidAccessToken = accessKey && accessKey === validAccessKey;

  **console.log(pathname) // here is weird, all other path are redirected because the if block down below. just not /login, and when I visit /login, it prints /register** 
  if (isMaintenance && !hasValidAccessToken && pathname !== '/maintenance') {
    return NextResponse.redirect(new URL('/maintenance', request.url));
  }

  const loginRequiredPaths = ['/user', '/nzbddht'];
  const needsAuth = loginRequiredPaths.some(
    (prefix) => pathname === prefix || pathname.startsWith(`${prefix}/`)
  );
  if (needsAuth && !isLoggedIn) {
    return NextResponse.redirect(new URL('/login', request.url));
  }

  if (pathname.startsWith(`/${HT_URL}`) && !isAdmin) {
    return NextResponse.redirect(new URL('/forbidden', request.url));
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    '/((?!_next|favicon.ico).*)',
  ],
};

Additional information

No response

Example

No response

[accountunavaible]

it will work on localhost. But not on production. I made sure I deleted .next and rebuild, no luck.

[accountunavaible]

I even tried something crazy.

export async function middleware(request: NextRequest) { return NextResponse.redirect(new URL('/maintenance', request.url)); }

but still, not working for /login, working for all other routes

[4anghyeon]

Are you using next-auth? If so, it might be related to the next-auth configuration.

[accountunavaible]

no I am not using next-auth, thanks.

[icyJoseph]

Hi,

Did you try using an incognito mode? I wonder if your browser got a permanent redirect stored. If it works on incognito mode, then it can be a browser caching issue.

[accountunavaible]

yes I tried in incognito mode, it does not work. Thanks

[accountunavaible]

hi all it is working now. It's my nginx config issue.

before:
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }

after edited:

location / { proxy_pass http://localhost:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }

not sure why I have to change 127.0.0.1 to localhost in order to work. Thanks for the help