fix: remove middleware.ts — Next.js 16 uses proxy.ts (which already existed with correct auth logic)

web/middleware.ts

@@ -1,76 +0,0 @@
-/**
- * ClauseGuard — Next.js Middleware v4.1
- * FIX: This file was MISSING entirely. Without it, the auth guard in proxy.ts
- * never executes, meaning anyone can access /dashboard-pages/* without logging in.
- *
- * This middleware:
- * 1. Refreshes Supabase auth tokens on every request
- * 2. Redirects unauthenticated users away from protected routes
- * 3. Redirects authenticated users away from auth pages
- */
-
-import { createServerClient } from "@supabase/ssr";
-import { NextResponse, type NextRequest } from "next/server";
-
-export async function middleware(request: NextRequest) {
-  let supabaseResponse = NextResponse.next({ request });
-
-  if (!process.env.NEXT_PUBLIC_SUPABASE_URL || !process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY) {
-    return supabaseResponse;
-  }
-
-  const supabase = createServerClient(
-    process.env.NEXT_PUBLIC_SUPABASE_URL,
-    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY,
-    {
-      cookies: {
-        getAll() {
-          return request.cookies.getAll();
-        },
-        setAll(cookiesToSet) {
-          cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value));
-          supabaseResponse = NextResponse.next({ request });
-          cookiesToSet.forEach(({ name, value, options }) =>
-            supabaseResponse.cookies.set(name, value, options)
-          );
-        },
-      },
-    }
-  );
-
-  // MUST await — otherwise auth cookie refresh doesn't work
-  const {
-    data: { user },
-  } = await supabase.auth.getUser();
-
-  const pathname = request.nextUrl.pathname;
-  const isAuthPage =
-    pathname.startsWith("/auth/") && !pathname.includes("callback");
-  const isDashboard =
-    pathname.startsWith("/dashboard-pages") || pathname.startsWith("/admin");
-
-  // Logged-in user on auth pages → redirect to dashboard
-  if (user && isAuthPage) {
-    return NextResponse.redirect(
-      new URL("/dashboard-pages/dashboard", request.url)
-    );
-  }
-
-  // Not logged in on protected pages → redirect to login
-  if (!user && isDashboard) {
-    const url = request.nextUrl.clone();
-    url.pathname = "/auth/login";
-    url.searchParams.set("next", pathname);
-    return NextResponse.redirect(url);
-  }
-
-  return supabaseResponse;
-}
-
-export const config = {
-  matcher: [
-    "/dashboard-pages/:path*",
-    "/auth/:path*",
-    "/admin/:path*",
-  ],
-};