fix: allow /portal and /api/portal paths without CRM session

The portal has its own JWT-based auth (withPortalAuth). The CRM
middleware was redirecting /portal/login and /api/portal/auth/request
to /login, breaking the magic-link flow for unauthenticated clients.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Matt Ciaccio
2026-04-22 17:22:53 +02:00
parent b5d8e1ecb8
commit 46bd8aaef1


@@ -12,6 +12,8 @@ const PUBLIC_PATHS: string[] = [
'/api/public/', '/api/public/',
'/api/health', '/api/health',
'/scan', '/scan',
'/portal/',
'/api/portal/',
]; ];
function isPublicPath(pathname: string): boolean { function isPublicPath(pathname: string): boolean {
@@ -35,10 +37,7 @@ export function middleware(request: NextRequest): NextResponse {
if (!sessionToken?.value) { if (!sessionToken?.value) {
if (isApiRoute(pathname)) { if (isApiRoute(pathname)) {
// API routes return 401 JSON — never redirect // API routes return 401 JSON — never redirect
return NextResponse.json( return NextResponse.json({ error: 'Authentication required' }, { status: 401 });
{ error: 'Authentication required' },
{ status: 401 },
);
} }
// Page routes redirect to /login, preserving the intended destination // Page routes redirect to /login, preserving the intended destination
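Review bot: The new `'/portal/'` and `'/api/portal/'` entries in `PUBLIC_PATHS` take the whole portal subtree out of this middleware's session check, not only the `/portal/login` and `/api/portal/auth/request` paths named in the commit message, and nothing in the array records that. From this commit on, every portal page and API handler depends on applying `withPortalAuth` itself, so a route added under these prefixes without it would be served with no authentication at all. I would add a comment above the two entries, for example `// Portal routes: NOT covered by the CRM session check; each handler must enforce withPortalAuth`, and ideally a test that fails when a handler under `/api/portal/` other than the pre-auth endpoints lacks the wrapper. The body of `isPublicPath` lies outside the hunk, so prefix matching is an assumption here; if it does match by prefix, keep the trailing slashes so that only paths inside the portal subtree are exempted.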