fix(redirects): update middleware to allow access to /chat regardless of auth status #1516
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Overview
Summary
This PR fixes a routing issue in the application's middleware by adding a bypass for `/chat/` routes. The change introduces a simple conditional check that allows unrestricted access to any route starting with `/chat/` by returning `NextResponse.next()` early, effectively skipping all authentication checks.The problem being addressed was that the existing middleware was redirecting users away from chat functionality - authenticated users were being sent to the workspace while unauthenticated users were redirected to the homepage. This behavior prevented both user types from accessing the chat interface, which appears to be designed to work for both logged-in and guest users.
The fix is strategically placed at line 150-152 in the middleware, before the workspace authentication logic kicks in, ensuring that chat routes are handled before any protected route redirects occur. This allows the chat API endpoints (as evidenced by the comprehensive /apps/sim/app/api/chat directory structure) to function properly regardless of user authentication status.
Important Files Changed
Changed Files
| Filename | Score | Overview |
|---|---|---|
| apps/sim/middleware.ts | 4/5 | Added early return bypass for /chat/ routes to skip authentication checks |
Confidence score: 4/5
- This PR is safe to merge with low risk as it addresses a specific routing issue with a targeted fix
- Score reflects the straightforward nature of the change and clear problem-solution fit, though broader security implications should be monitored
- Pay attention to
apps/sim/middleware.tsto ensure the bypass doesn't inadvertently expose sensitive chat functionality
Sequence Diagram
sequenceDiagram
participant User
participant Middleware
participant NextResponse
participant SessionCookie
participant Logger
User->>Middleware: "Incoming Request"
Middleware->>SessionCookie: "getSessionCookie(request)"
SessionCookie-->>Middleware: "sessionCookie"
Middleware->>Middleware: "hasActiveSession = !!sessionCookie"
alt Root Path (/ or /homepage)
Middleware->>Middleware: "handleRootPathRedirects()"
alt hasActiveSession && pathname === '/'
Middleware->>NextResponse: "redirect('/workspace')"
NextResponse-->>User: "Redirect to workspace"
else pathname === '/homepage'
Middleware->>NextResponse: "rewrite('/')"
NextResponse-->>User: "Rewrite to root"
end
else Login/Signup Path
alt hasActiveSession
Middleware->>NextResponse: "redirect('/workspace')"
NextResponse-->>User: "Redirect to workspace"
else
Middleware->>NextResponse: "next()"
NextResponse-->>User: "Allow access"
end
else Chat Path (/chat/*)
Middleware->>NextResponse: "next()"
NextResponse-->>User: "Allow access"
else Workspace Path
alt !hasActiveSession
Middleware->>NextResponse: "redirect('/login')"
NextResponse-->>User: "Redirect to login"
else
Middleware->>NextResponse: "next()"
NextResponse-->>User: "Allow access"
end
else Invitation Path
Middleware->>Middleware: "handleInvitationRedirects()"
alt !hasActiveSession && needs redirect
Middleware->>NextResponse: "redirect('/login?callbackUrl=...')"
NextResponse-->>User: "Redirect to login with callback"
else
Middleware->>NextResponse: "next()"
NextResponse-->>User: "Allow access"
end
else API Workspace Invitation
Middleware->>Middleware: "handleWorkspaceInvitationAPI()"
alt !hasActiveSession && accept endpoint
Middleware->>NextResponse: "redirect('/invite/{token}')"
NextResponse-->>User: "Redirect to invite page"
else
Middleware->>NextResponse: "next()"
NextResponse-->>User: "Allow access"
end
else Security Check
Middleware->>Middleware: "handleSecurityFiltering()"
alt Suspicious User-Agent && !webhook
Middleware->>Logger: "warn('Blocked suspicious request')"
Middleware->>NextResponse: "403 Forbidden"
NextResponse-->>User: "403 Forbidden"
else
Middleware->>NextResponse: "next() with headers"
NextResponse-->>User: "Allow with security headers"
end
end
1 file reviewed, no comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Type of Change
Testing
Tested manually.
Checklist