fix: respect next param on authenticated /login redirect

2026-04-21 13:27:10 +07:00
parent 6c6ed15c31
commit 681e2667e4
1 changed files with 5 additions and 1 deletions
--- a/middleware.ts
+++ b/middleware.ts
@ -52,7 +52,11 @@ export async function middleware(request: NextRequest) {
  }

  if (session && (pathname === "/" || pathname === "/login")) {
-    return NextResponse.redirect(new URL(getDefaultPathForRole(session.role), baseUrl));
+    const requested = request.nextUrl.searchParams.get("next");
+    const hasSafeNext = typeof requested === "string" && requested.startsWith("/") && !requested.startsWith("//");
+    const nextPath = hasSafeNext ? requested : null;
+    const destination = nextPath && canAccessPath(session.role, nextPath) ? nextPath : getDefaultPathForRole(session.role);
+    return NextResponse.redirect(new URL(destination, baseUrl));
  }

  if (session && !isPublicPath(pathname) && !canAccessPath(session.role, pathname)) {