From 681e2667e458b14177510ee48b7f9a58f8962bdd Mon Sep 17 00:00:00 2001
From: Wira Basalamah
Date: Tue, 21 Apr 2026 13:27:10 +0700
Subject: [PATCH] fix: respect next param on authenticated /login redirect
---
 middleware.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/middleware.ts b/middleware.ts
index 55278f0..66bdd7c 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -52,7 +52,11 @@ export async function middleware(request: NextRequest) {
 }
 if (session && (pathname === "/" || pathname === "/login")) {
- return NextResponse.redirect(new URL(getDefaultPathForRole(session.role), baseUrl));
+ const requested = request.nextUrl.searchParams.get("next");
+ const hasSafeNext = typeof requested === "string" && requested.startsWith("/") && !requested.startsWith("//");
+ const nextPath = hasSafeNext ? requested : null;
+ const destination = nextPath && canAccessPath(session.role, nextPath) ? nextPath : getDefaultPathForRole(session.role);
+ return NextResponse.redirect(new URL(destination, baseUrl));
 }
 if (session && !isPublicPath(pathname) && !canAccessPath(session.role, pathname)) {
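Review bot: The `hasSafeNext` test inspects the raw `next` string, but `new URL(destination, baseUrl)` normalises its input before resolving it (the WHATWG parser treats a backslash as a slash for http(s) URLs and strips tab and newline characters), so a value that passes both `startsWith` checks can still resolve to another host unless `canAccessPath` (not visible here) happens to reject it. Validate the resolved URL instead of the string: `const target = nextPath ? new URL(nextPath, baseUrl) : null;` and `const sameOrigin = target !== null && target.origin === new URL(baseUrl).origin;`, falling back to `getDefaultPathForRole(session.role)` when `sameOrigin` is false. Passing `target.pathname` rather than the full `next` value to `canAccessPath` would also keep a query string or fragment from affecting the role check. `middleware` begins and ends outside this hunk, so how `baseUrl` is derived could not be checked.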