ctfguide-tech · Laphatize · Sep 18, 2024 · Sep 18, 2024
diff --git a/src/middleware.js b/src/middleware.js
@@ -1,20 +1,40 @@
 import { NextResponse } from 'next/server'
 
 export function middleware(req) {
- const { pathname } = req.nextUrl;
+  const { pathname } = req.nextUrl;
 
- if (
-    pathname.startsWith("/api") || // exclude all API routes
-    pathname.startsWith("/static") || // exclude static files
-    pathname.includes(".") // exclude all files in the public folder
-  )
-  return NextResponse.next();
+  // Exclude API routes and static files
+  if (
+    pathname.startsWith("/api") || // Exclude all API routes
+    pathname.startsWith("/static") || // Exclude static files
+    pathname.includes(".") // Exclude all files in the public folder
+  ) {
+    return NextResponse.next();
+  }
 
-  const idToken = req.cookies.get('idToken');
+  // List of paths that don't require authentication
+  const publicPaths = [
+    '/login',
+    '/careers',
+    '/register',
+    '/onboarding',
+    '/forgot-password',
+    '/education',
+    '/userrs',
+    '/privacy-policy',
+    '/404',
+    '/terms-of-service',
+    '/learn',
+  ];
 
-  // ensure token is valid 
-  // basic request to server to ensure that the token is valid
+  // Allow access to public paths, even with query parameters
+  if (publicPaths.some((path) => pathname.startsWith(path))) {
+    return NextResponse.next();
+  }
+
+  const idToken = req.cookies.get('idToken');
 
+  // Redirect to login if token is missing or invalid
   if (!idToken) {
     const url = req.nextUrl.clone();
     url.pathname = '/login';
@@ -25,5 +45,5 @@ export function middleware(req) {
 }
 
 export const config = {
-  matcher: ['/((?!_next/static|favicon.ico|login|careers|register|onboarding|forgot-password|education|userrs|privacy-policy|404|terms-of-service|learn|$).*)'],
+  matcher: '/:path*',
 }
diff --git a/src/pages/forgot-password.jsx b/src/pages/forgot-password.jsx
@@ -32,7 +32,7 @@ export default function Forgot() {
       const data = await response.json();
 
       if(data.success) {
-        toast.success("Email was send to", email);
+        toast.success("Password reset email has been sent. It should arrive within a few minutes.");
       } else {
         toast.error("Email failed to send try again later");
       }
@@ -104,6 +104,7 @@ export default function Forgot() {
 
     if(data.success) {
       toast.success("Password has been reset");
+      router.push("/login");
     } else {
       toast.error("Unable to reset the password, try again later");
     }

diff --git a/src/utils/request.js b/src/utils/request.js
@@ -1,4 +1,3 @@
-
 const request = async (url, req_method, body) => {
   try {
     let method = req_method.toUpperCase();
@@ -20,7 +19,7 @@ const request = async (url, req_method, body) => {
         const pathNames = ["/", "/login", "/careers", "/register", 
           "/onboarding", "/forgot-password", "/education", "/userrs", 
           "/privacy-policy","/404", "/terms-of-service", "/learn"];
-        if(!pathNames.includes(path)) window.location.href = "/login";
+        if(!pathNames.includes(path) && !path.startsWith("/forgot-password")) window.location.href = "/login";
         return null;
       }
 
@@ -43,7 +42,7 @@ const request = async (url, req_method, body) => {
         const pathNames = ["/", "/login", "/careers", "/register", 
           "/onboarding", "/forgot-password", "/education", "/userrs", 
           "/privacy-policy","/404", "/terms-of-service", "/learn"];
-        if(!pathNames.includes(path)) window.location.href = "/login";
+        if(!pathNames.includes(path) && !path.startsWith("/forgot-password")) window.location.href = "/login";
         return null;
       }