From 2c2fd3547c556c2ecfca56907e8d4444cd50e2f3 Mon Sep 17 00:00:00 2001
From: Christopher Mayor <christopherjohnmayor@gmail.com>
Date: Fri, 24 Apr 2026 14:34:13 -0700
Subject: [PATCH] feat: add auth middleware protecting /compare and /profile
 routes

---
 src/middleware.ts | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/middleware.ts b/src/middleware.ts
index da56471..c88a27c 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -1,20 +1,29 @@
 import { NextRequest, NextResponse } from "next/server";
 import { auth } from "@/lib/auth";
 
-const publicPaths = ["/sign-in", "/sign-up", "/api/auth"];
+const publicPaths = ["/", "/explore", "/sign-in", "/sign-up", "/api/auth"];
+const protectedPaths = ["/compare", "/profile"];
 
 export async function middleware(request: NextRequest) {
   const { pathname } = request.nextUrl;
 
+  if (
+    pathname.startsWith("/_next") ||
+    pathname.startsWith("/favicon") ||
+    pathname.includes(".")
+  ) {
+    return NextResponse.next();
+  }
+
   const isPublic = publicPaths.some(
     (path) => pathname === path || pathname.startsWith(path + "/"),
   );
 
-  if (isPublic) {
-    return NextResponse.next();
-  }
+  const isProtected = protectedPaths.some(
+    (path) => pathname === path || pathname.startsWith(path + "/"),
+  );
 
-  if (pathname.startsWith("/_next") || pathname.startsWith("/favicon")) {
+  if (isPublic && !isProtected) {
     return NextResponse.next();
   }
 
@@ -22,7 +31,7 @@ export async function middleware(request: NextRequest) {
     headers: request.headers,
   });
 
-  if (!session) {
+  if (!session && isProtected) {
     const signInUrl = new URL("/sign-in", request.url);
     signInUrl.searchParams.set("callbackUrl", pathname);
     return NextResponse.redirect(signInUrl);