From 30f804b7ffe615741a43f32a648dfdf2fb0b4820 Mon Sep 17 00:00:00 2001
From: DJP <DJP>
Date: Mon, 13 Apr 2026 15:26:51 -0400
Subject: [PATCH] Fix login redirect missing basePath behind reverse proxy

Use request.nextUrl.clone() instead of new URL("/login", request.url)
so Next.js includes the /hp-prod-tracker basePath in redirects.
Without this, unauthenticated users get sent to /login instead of
/hp-prod-tracker/login.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/middleware.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/middleware.ts b/src/middleware.ts
index 1769470..f1be42e 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -52,7 +52,9 @@ export function middleware(request: NextRequest) {
 
   // Redirect logged-in users away from login page
   if (isAuthPage && isLoggedIn) {
-    return NextResponse.redirect(new URL("/dashboard", request.url));
+    const url = request.nextUrl.clone();
+    url.pathname = "/dashboard";
+    return NextResponse.redirect(url);
   }
 
   // Allow authenticated users to access the pending page
@@ -65,7 +67,9 @@ export function middleware(request: NextRequest) {
     if (pathname.startsWith("/api/")) {
       return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
     }
-    return NextResponse.redirect(new URL("/login", request.url));
+    const url = request.nextUrl.clone();
+    url.pathname = "/login";
+    return NextResponse.redirect(url);
   }
 
   return NextResponse.next();