fix: exclude API routes from i18n middleware processing

- Skip intl middleware for /api/* routes to prevent 404 errors - Ensures API endpoints remain accessible without locale prefixes - Fixes version endpoint that was returning 404 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-02 19:47:20 -07:00 · 2025-09-02 19:47:20 -07:00 · a9493402e2
commit a9493402e2
parent 95ce20bdab
1 changed files with 66 additions and 92 deletions
--- a/middleware.ts
+++ b/middleware.ts
@ -1,102 +1,76 @@
-import { NextResponse } from 'next/server'
-import type { NextRequest } from 'next/server'
+import createMiddleware from 'next-intl/middleware'
+import {locales, defaultLocale, type Locale} from './i18n.config'
+import {NextResponse} from 'next/server'
+import type {NextRequest} from 'next/server'

-// Define paths that require authentication
-const PROTECTED_PATHS = [
-  // API paths that require auth
-  '/api/parties/create',
-  '/api/parties/update',
-  '/api/parties/delete',
-  '/api/favorites',
-  '/api/users/settings',
+const intl = createMiddleware({
+  locales,
+  defaultLocale,
+  localePrefix: 'as-needed' // Show locale in URL when not default
+})

-  // Page paths that require auth
-  '/saved',
-  '/profile',
-]
+const PROTECTED_PATHS = ['/saved', '/profile'] as const
+const MIXED_AUTH_PATHS = ['/api/parties', '/p/'] as const

-// Paths that are public but have protected actions
-const MIXED_AUTH_PATHS = [
-  '/api/parties', // GET is public, POST requires auth
-  '/p/', // Viewing is public, editing requires auth
-]
+export default function middleware(request: NextRequest) {
+  const {pathname} = request.nextUrl
  
-export function middleware(request: NextRequest) {
-  const { pathname } = request.nextUrl
+  // Skip intl middleware for API routes
+  if (!pathname.startsWith('/api/')) {
+    // Run next-intl for non-API routes (handles locale detection, redirects, etc.)
+    const intlResponse = intl(request)
+    if (intlResponse) return intlResponse
+  }
+  const seg = pathname.split('/')[1]
+  const pathWithoutLocale = locales.includes(seg as Locale)
+    ? pathname.slice(seg.length + 1) || '/'
+    : pathname

-  // Check if path requires authentication
-  const isProtectedPath = PROTECTED_PATHS.some(path => 
-    pathname === path || pathname.startsWith(path + '/')
+  const isProtectedPath = PROTECTED_PATHS.some(
+    (p) => pathWithoutLocale === p || pathWithoutLocale.startsWith(p + '/')
+  )
+  const isMixedAuthPath = MIXED_AUTH_PATHS.some(
+    (p) => pathWithoutLocale === p || pathWithoutLocale.startsWith(p)
  )

-  // For mixed auth paths, check the request method
-  const isMixedAuthPath = MIXED_AUTH_PATHS.some(path => 
-    pathname === path || pathname.startsWith(path)
-  )
+  const needsAuth =
+    isProtectedPath || (isMixedAuthPath && ['POST', 'PUT', 'DELETE'].includes(request.method))

-  const needsAuth = isProtectedPath || 
-    (isMixedAuthPath && ['POST', 'PUT', 'DELETE'].includes(request.method))
+  if (!needsAuth) return NextResponse.next()

-  if (needsAuth) {
-    // Get the authentication cookie
-    const accountCookie = request.cookies.get('account')
-    
-    // If no token or invalid format, redirect to login
-    if (!accountCookie?.value) {
-      // For API routes, return 401 Unauthorized
-      if (pathname.startsWith('/api/')) {
-        return NextResponse.json(
-          { error: 'Authentication required' },
-          { status: 401 }
-        )
-      }
-      
-      // For page routes, redirect to teams page
-      return NextResponse.redirect(new URL('/teams', request.url))
+  const accountCookie = request.cookies.get('account')
+  if (!accountCookie?.value) {
+    if (pathWithoutLocale.startsWith('/api/')) {
+      return NextResponse.json({error: 'Authentication required'}, {status: 401})
    }
+    // Preserve locale in redirect
+    const url = request.nextUrl.clone()
+    url.pathname = '/teams'
+    return NextResponse.redirect(url)
+  }

-    try {
-      // Parse the cookie to check for token
-      const accountData = JSON.parse(accountCookie.value)
-      
-      if (!accountData.token) {
-        // For API routes, return 401 Unauthorized
-        if (pathname.startsWith('/api/')) {
-          return NextResponse.json(
-            { error: 'Authentication required' },
-            { status: 401 }
-          )
-        }
-        
-        // For page routes, redirect to teams page
-        return NextResponse.redirect(new URL('/teams', request.url))
+  try {
+    const account = JSON.parse(accountCookie.value)
+    if (!account.token) {
+      if (pathWithoutLocale.startsWith('/api/')) {
+        return NextResponse.json({error: 'Authentication required'}, {status: 401})
      }
-    } catch (e) {
-      // For API routes, return 401 Unauthorized if cookie is invalid
-      if (pathname.startsWith('/api/')) {
-        return NextResponse.json(
-          { error: 'Authentication required' },
-          { status: 401 }
-        )
-      }
-      
-      // For page routes, redirect to teams page
-      return NextResponse.redirect(new URL('/teams', request.url))
+      const url = request.nextUrl.clone()
+      url.pathname = '/teams'
+      return NextResponse.redirect(url)
    }
+  } catch {
+    if (pathWithoutLocale.startsWith('/api/')) {
+      return NextResponse.json({error: 'Authentication required'}, {status: 401})
+    }
+    const url = request.nextUrl.clone()
+    url.pathname = '/teams'
+    return NextResponse.redirect(url)
  }

  return NextResponse.next()
 }

-// Configure the middleware to run on specific paths
 export const config = {
-  matcher: [
-    // Match all API routes
-    '/api/:path*',
-    // Match specific protected pages
-    '/saved',
-    '/profile',
-    // Match party pages for mixed auth
-    '/p/:path*',
-  ],
+  matcher: ['/((?!_next|_vercel|.*\\..*).*)']
 }