From 8d90c92d3feffa0cb45d0ca7aa9d8a6b1d0cf44e Mon Sep 17 00:00:00 2001
From: multipleof4 <planetrenox@protonmail.com>
Date: Sun, 15 Mar 2026 16:51:03 -0700
Subject: [PATCH] Feat: Protect /paper and /dash routes

---
 middleware.js | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/middleware.js b/middleware.js
index 1e6e98b..47056e2 100644
--- a/middleware.js
+++ b/middleware.js
@@ -1,11 +1,12 @@
 import { NextResponse } from 'next/server';
 import { verifySession } from './lib/auth';
 
-// Define which paths should trigger this middleware
 export const config = {
   matcher: [
-    '/dashboard/:path*', 
-    '/api/state', 
+    '/dashboard/:path*',
+    '/paper/:path*',
+    '/dash/:path*',
+    '/api/state',
     '/api/trades'
   ],
 };
@@ -15,15 +16,11 @@ export async function middleware(req) {
   const isValid = await verifySession(token);
 
   if (!isValid) {
-    // If they are trying to hit an API endpoint without a session, return 401
     if (req.nextUrl.pathname.startsWith('/api/')) {
       return NextResponse.json({ error: 'Unauthorized. Nice try!' }, { status: 401 });
     }
-    
-    // Otherwise, boot them back to the login page
     return NextResponse.redirect(new URL('/', req.url));
   }
 
-  // Session is valid, allow the request to proceed
   return NextResponse.next();
 }