From 897dbfe20d742fdb0dd333fc8197baed11965cec Mon Sep 17 00:00:00 2001
From: Ashwanth3637 <ashwanths.22cse@kongu.edu>
Date: Tue, 16 Jun 2026 16:00:36 +0530
Subject: [PATCH] login

---
 .env                                   |  1 +
 app/auth/login/page.tsx                |  6 ++++
 components/gallery/CreateEventForm.tsx | 17 ++++++++++--
 components/gallery/ListOfEvents.tsx    | 22 ++++++++++++---
 middleware.ts                          | 38 ++++++++++++++++++++++++++
 5 files changed, 78 insertions(+), 6 deletions(-)
 create mode 100644 .env
 create mode 100644 app/auth/login/page.tsx
 create mode 100644 middleware.ts

diff --git a/.env b/.env
new file mode 100644
index 0000000..0731906
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+NEXT_PUBLIC_API_BASE_URL=http://localhost:3001/api/
\ No newline at end of file
diff --git a/app/auth/login/page.tsx b/app/auth/login/page.tsx
new file mode 100644
index 0000000..3d17ff4
--- /dev/null
+++ b/app/auth/login/page.tsx
@@ -0,0 +1,6 @@
+import { redirect } from 'next/navigation';
+
+export default function AuthLoginRedirect() {
+    // Redirect legacy /auth/login URL to the actual login page at /login
+    redirect('/login');
+}
diff --git a/components/gallery/CreateEventForm.tsx b/components/gallery/CreateEventForm.tsx
index df39541..bb37cc3 100644
--- a/components/gallery/CreateEventForm.tsx
+++ b/components/gallery/CreateEventForm.tsx
@@ -1,7 +1,8 @@
-'use client';
+ 'use client';
 import React, { useState, ChangeEvent, FormEvent } from 'react';
 import IconTrashLines from '../icon/icon-trash-lines';
 import axios from 'axios';
+import Cookies from 'universal-cookie';
 import { useRouter } from 'next/navigation';
 import { showMessage } from '@/utils/CommonFunction.utils';
 import { buildApiUrl } from '@/utils/BaseUrl.utils';
@@ -86,9 +87,17 @@ const CreateEventForm: React.FC = () => {
         }
 
         try {
+            const cookies = new Cookies();
+            const token = cookies.get('token');
+            if (!token) {
+                showMessage('Access denied. Please sign in first.');
+                router.push('/login');
+                return;
+            }
             const ImageUpload = await axios.post(buildApiUrl('upload/single'), data, {
                 headers: {
                     "Content-Type": "multipart/form-data", // important for file upload
+                    Authorization: `Bearer ${token}`,
                 },
             })
             console.log("ImageUpload", ImageUpload)
@@ -100,7 +109,11 @@ const CreateEventForm: React.FC = () => {
                 eventimageurl: ImageUpload?.data?.data?.fullUrl
             }
 
-            const res = await axios.post(buildApiUrl('events'), createData)
+            const res = await axios.post(buildApiUrl('events'), createData, {
+                headers: {
+                    Authorization: `Bearer ${cookies.get('token')}`,
+                },
+            })
             console.log("res", res)
             showMessage("Event Created Successfully", "success")
             router?.push(`/`)
diff --git a/components/gallery/ListOfEvents.tsx b/components/gallery/ListOfEvents.tsx
index 5ac63e8..1f524e2 100644
--- a/components/gallery/ListOfEvents.tsx
+++ b/components/gallery/ListOfEvents.tsx
@@ -1,5 +1,6 @@
-'use client';
+ 'use client';
 import axios from 'axios';
+import Cookies from 'universal-cookie';
 import { Metadata } from 'next';
 import Link from 'next/link';
 import React, { useEffect, useState } from 'react';
@@ -24,7 +25,16 @@ const ListOfEvents = () => {
 
     const getEvents = async () => {
         try {
-            const eventRes: any = await axios?.get(buildApiUrl('events'))
+            const cookies = new Cookies();
+            const token = cookies.get('token');
+            if (!token) {
+                // No token: redirect to login
+                router.push('/login');
+                return;
+            }
+            const eventRes: any = await axios.get(buildApiUrl('events'), {
+                headers: { Authorization: `Bearer ${token}` },
+            });
             console.log("eventRes", eventRes)
             setEvents(eventRes?.data?.data)
         } catch (error) {
@@ -60,9 +70,13 @@ const ListOfEvents = () => {
             padding: '2em',
             customClass: { popup: 'sweet-alerts' },
         }).then(async (result) => {
-            if (result.isConfirmed) {
+                    if (result.isConfirmed) {
                 try {
-                    await axios.delete(buildApiUrl(`events/${event.id}`));
+                    const cookies = new Cookies();
+                    const token = cookies.get('token');
+                    await axios.delete(buildApiUrl(`events/${event.id}`), {
+                        headers: { Authorization: `Bearer ${token}` },
+                    });
                     Swal.fire({
                         title: 'Deleted!',
                         text: 'Your file has been deleted.',
diff --git a/middleware.ts b/middleware.ts
new file mode 100644
index 0000000..896626f
--- /dev/null
+++ b/middleware.ts
@@ -0,0 +1,38 @@
+import { NextResponse } from 'next/server';
+import type { NextRequest } from 'next/server';
+
+export function middleware(req: NextRequest) {
+  const { pathname } = req.nextUrl;
+
+  // Allow public and framework paths without auth
+  const allowlist = [
+    '/login', // login page
+   
+  ];
+
+  if (
+    pathname.startsWith('/_next') ||
+    pathname.startsWith('/static') ||
+    pathname.startsWith('/assets') ||
+   
+    allowlist.some((p) => pathname === p || pathname.startsWith(p + '/')) ||
+    // allow public files (images, css, etc.)
+    /\.(jpg|jpeg|png|svg|ico|css|js|map)$/.test(pathname)
+  ) {
+    return NextResponse.next();
+  }
+
+  // For all other routes, require a token cookie
+  const token = req.cookies.get('token')?.value;
+  if (!token) {
+    const url = req.nextUrl.clone();
+    url.pathname = '/login';
+    return NextResponse.redirect(url);
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: ['/:path*'],
+};