import { createServerClient } from '@supabase/ssr' import { NextRequest, NextResponse } from 'next/server' export async function middleware(request: NextRequest) { let supabaseResponse = NextResponse.next({ request }) const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, { cookies: { getAll() { return request.cookies.getAll() }, setAll(cookiesToSet) { cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value) ) supabaseResponse = NextResponse.next({ request }) cookiesToSet.forEach(({ name, value, options }) => supabaseResponse.cookies.set(name, value, options) ) }, }, } ) // getUser() valida el token contra el servidor — no confiar solo en la cookie local const { data: { user }, } = await supabase.auth.getUser() if (!user) { const loginUrl = new URL('/login', request.url) return NextResponse.redirect(loginUrl) } return supabaseResponse } export const config = { matcher: ['/admin/:path*', '/dashboard/:path*'], }