feat: ST-006-ST-008 auth pages, middleware, nav shell en dashboard

- Login/register pages met AuthForm (useActionState + useFormStatus) - Server Actions voor login, register, logout met Zod validatie - Middleware checkt session cookie zonder iron-session op Edge runtime - AppLayout met auth-check en NavBar met demo badge en actieve links - Dashboard toont productenlijst via ProductList Client Component - Fix: a-in-a hydration error opgelost door div plus useRouter te gebruiken Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 11:18:42 +02:00 · 2026-04-24 11:18:42 +02:00 · 8017968e60
commit 8017968e60
parent 24924c9b79
9 changed files with 375 additions and 2 deletions
--- a/middleware.ts
+++ b/middleware.ts
@ -0,0 +1,29 @@
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+import { sessionOptions } from '@/lib/session'
+
+const protectedRoutes = ['/dashboard', '/products', '/todos', '/settings']
+const authRoutes = ['/login', '/register']
+
+export function middleware(request: NextRequest) {
+  const path = request.nextUrl.pathname
+  const isProtected = protectedRoutes.some(r => path.startsWith(r))
+  const isAuthRoute = authRoutes.some(r => path.startsWith(r))
+
+  // Check cookie existence only — full session validation happens in layout.tsx
+  const hasSession = !!request.cookies.get(sessionOptions.cookieName)?.value
+
+  if (isProtected && !hasSession) {
+    return NextResponse.redirect(new URL('/login', request.url))
+  }
+
+  if (isAuthRoute && hasSession) {
+    return NextResponse.redirect(new URL('/dashboard', request.url))
+  }
+
+  return NextResponse.next()
+}
+
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
+}