import { NextRequest, NextResponse } from 'next/server' export function middleware(req: NextRequest) { const { pathname } = req.nextUrl const token = req.cookies.get('pb_token')?.value const role = req.cookies.get('pb_role')?.value const isAdminPath = pathname.startsWith('/admin') const isAppPath = pathname.startsWith('/app') if (!token) { if (isAdminPath || isAppPath) { return NextResponse.redirect(new URL('/auth', req.url)) } return NextResponse.next() } if (isAdminPath && role !== 'admin') { return NextResponse.redirect(new URL(role === 'employee' ? '/app' : '/auth', req.url)) } if (isAppPath && role !== 'employee') { return NextResponse.redirect(new URL(role === 'admin' ? '/admin' : '/auth', req.url)) } return NextResponse.next() } export const config = { matcher: ['/admin/:path*', '/app/:path*'], }