fix: handle proper authentication

[Sepulator]

Type of PR 🍩

• Feature
• Bugfix
• Hotfix
• Refactoring
• Documentation
• Infrastructure

Changes Introduced 🥯

• Fixed:
  • exclude api/proxy from auth
  • correct redirects

Self-Check ✅

• No console errors (except API requests)
• 80%+ test coverage
• Documentation updated (if relevant)
• Package.json scripts updated (if relevant)

[netlify]

✅ Deploy Preview for vatruzhka ready!

Name	Link
🔨 Latest commit	7b334d9
🔍 Latest deploy log	https://app.netlify.com/projects/vatruzhka/deploys/68d0318413ac1000083e64d9
😎 Deploy Preview	https://deploy-preview-32--vatruzhka.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[gemini-code-assist]

Summary of Changes

Hello @Sepulator, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the application's authentication system by addressing several key areas. It refactors the authentication flow to provide more consistent and reliable user experience during sign-up, sign-in, and sign-out processes, including improved redirection and page revalidation. Additionally, it optimizes middleware behavior by excluding API routes from general processing and refines the logic for identifying the correct authentication form type.

Highlights

• Refactored Authentication Flow: Centralized client-side logout logic into a new utility and refined redirection logic after sign-up, sign-in, and sign-out events, ensuring proper page revalidation.
• Middleware Exclusion for API Routes: Updated the middleware configuration to explicitly exclude /api routes from general middleware processing, preventing unintended authentication checks on these endpoints.
• Improved Authentication Form Logic: The authentication form now determines its type (sign-up or sign-in) more robustly by checking the secondaryAction.link property.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors authentication handling, notably by moving the logout process to the client-side for a better user experience and updating middleware to exclude API routes. While these are positive changes, the refactoring has introduced a critical issue by removing route protection from the dashboard, potentially exposing protected routes to unauthenticated users. I've also identified a couple of high-severity issues in the server-side authentication actions where edge cases are not handled, which could result in a confusing user experience. My review provides specific suggestions to address these problems.