multi zone systum

apps/student/middleware.ts

@@ -1,25 +1,39 @@
+// apps/student/middleware.ts
 import { auth } from '@/auth';
 import { NextResponse, NextRequest } from 'next/server';
 
 export default auth((req: NextRequest) => {
+  const { pathname } = req.nextUrl;
+  // console.log('student middleware requested path:', pathname);
+
+  // If not authenticated -> login (student side)
   if (!req.auth) {
     return NextResponse.redirect(new URL('/login', req.url));
   }
 
-  if (req.auth.user?.role === 'USER') {
-    if (!req.auth.user?.completedProfile && !req.nextUrl.pathname.startsWith('/signup')) {
-      const signupUrl = process.env.STUDENT_PROFILE_URL ?? 'http://localhost:3000/signup';
-      return NextResponse.redirect(new URL(signupUrl, req.url));
-    }
+  const role = req.auth.user?.role;
 
+  // If user is an ADMIN, prefer sending them to the admin area on the same origin
+  if (role === 'ADMIN') {
+    return NextResponse.redirect(new URL('/admin', req.url));
+  }
+
+  // Normal student flow
+  if (role === 'USER') {
+    if (!req.auth.user?.completedProfile && !pathname.startsWith('/signup')) {
+      return NextResponse.redirect(new URL('/signup', req.url));
+    }
     return NextResponse.next();
   }
 
-  const adminUrl = process.env.ADMIN_URL ?? 'http://localhost:3001';
-
-  return NextResponse.redirect(new URL(adminUrl, req.url));
+  // Fallback
+  return NextResponse.redirect(new URL('/login', req.url));
 });
 
+// IMPORTANT: exclude /admin from this matcher so student middleware never runs for /admin
 export const config = {
-  matcher: ['/((?!api|_next/static|_next/image|favicon.ico|login).*)'],
+  matcher: [
+    // run for everything except api, _next static/image, favicon, login, signup, or admin
+    '/((?!api|_next/static|_next/image|favicon.ico|login|signup|admin).*)',
+  ],
 };