From d031e0e4dd4f11b55a991251d31b7db1b9841dfd Mon Sep 17 00:00:00 2001 From: Kutluhan Bayram Date: Fri, 27 Mar 2026 00:03:37 -0400 Subject: [PATCH 1/2] Fix middleware auth: gracefully handle Supabase unreachable/misconfigured The server-side middleware was hard-failing with {"detail":"Not Found"} when Supabase wasn't reachable from the server context. Now falls through to client-side auth on any error instead of blocking login entirely. Co-Authored-By: Claude Opus 4.6 --- frontend/src/middleware.ts | 63 +++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/frontend/src/middleware.ts b/frontend/src/middleware.ts index a1cf964..07bd224 100644 --- a/frontend/src/middleware.ts +++ b/frontend/src/middleware.ts @@ -13,33 +13,52 @@ export async function middleware(request: NextRequest) { return NextResponse.next(); } - const response = NextResponse.next(); - - const supabase = createServerClient( - process.env.NEXT_PUBLIC_SUPABASE_URL!, - process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, - { - cookies: { - getAll() { - return request.cookies.getAll(); - }, - setAll(cookiesToSet) { - cookiesToSet.forEach(({ name, value, options }) => { - response.cookies.set(name, value, options); - }); + // If Supabase env vars are not configured, fall through to client-side auth + const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; + const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY; + if (!supabaseUrl || !supabaseAnonKey) { + return NextResponse.next(); + } + + try { + const response = NextResponse.next(); + + const supabase = createServerClient( + supabaseUrl, + supabaseAnonKey, + { + cookies: { + getAll() { + return request.cookies.getAll(); + }, + setAll(cookiesToSet) { + cookiesToSet.forEach(({ name, value, options }) => { + response.cookies.set(name, value, options); + }); + }, }, - }, + } + ); + + const { data: { user }, error } = await supabase.auth.getUser(); + + // If Supabase is unreachable or returns an error, fall through to client-side auth + if (error) { + console.warn('Middleware auth check failed, falling through:', error.message); + return NextResponse.next(); } - ); - const { data: { user } } = await supabase.auth.getUser(); + if (!user) { + const loginUrl = new URL('/admin/login', request.url); + return NextResponse.redirect(loginUrl); + } - if (!user) { - const loginUrl = new URL('/admin/login', request.url); - return NextResponse.redirect(loginUrl); + return response; + } catch (err) { + // If anything goes wrong (network issues, bad URL, etc.), don't block the request + console.warn('Middleware error, falling through to client-side auth:', err); + return NextResponse.next(); } - - return response; } export const config = { From 36d8538913b17cc18f28ffec228004ec10309c5e Mon Sep 17 00:00:00 2001 From: Kutluhan Bayram Date: Fri, 27 Mar 2026 00:11:28 -0400 Subject: [PATCH 2/2] Fix middleware login: use Docker-internal Supabase URL for server-side auth The middleware runs server-side inside the frontend container where localhost:8000 is unreachable (it refers to the container itself, not the host). Added SUPABASE_URL env var pointing to supabase-kong:8000 for Docker networking, and the middleware now prefers it over the browser-facing NEXT_PUBLIC_SUPABASE_URL. Co-Authored-By: Claude Opus 4.6 --- docker-compose.yml | 1 + frontend/src/middleware.ts | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ff616ec..01d39c8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -229,6 +229,7 @@ services: environment: NODE_ENV: development NEXT_PUBLIC_SUPABASE_URL: http://localhost:8000 + SUPABASE_URL: http://supabase-kong:8000 NEXT_PUBLIC_SUPABASE_ANON_KEY: ${ANON_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0} NEXT_PUBLIC_API_URL: http://localhost:4000 API_URL: http://trust-center-backend:4000 diff --git a/frontend/src/middleware.ts b/frontend/src/middleware.ts index 07bd224..9bd179c 100644 --- a/frontend/src/middleware.ts +++ b/frontend/src/middleware.ts @@ -14,7 +14,8 @@ export async function middleware(request: NextRequest) { } // If Supabase env vars are not configured, fall through to client-side auth - const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; + // Prefer SUPABASE_URL (Docker-internal) over NEXT_PUBLIC_SUPABASE_URL (browser-facing localhost) + const supabaseUrl = process.env.SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL; const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY; if (!supabaseUrl || !supabaseAnonKey) { return NextResponse.next();