From 09a538d5aa32f0ee8d874f26639da56f79b6a13f Mon Sep 17 00:00:00 2001
From: Danel Kungla
Date: Mon, 30 Jun 2025 11:37:33 +0300
Subject: [PATCH] feat: Add MFA verification for Super Admin users in middleware
---
 middleware.ts | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/middleware.ts b/middleware.ts
index 726c9e5..c9283b7 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -150,20 +150,25 @@ function getPatterns() {
 return NextResponse.redirect(new URL('/', req.nextUrl.origin).href);
 }
 
- // check if we need to verify MFA (user is authenticated but needs to verify MFA)
- // TODO: this mfa should only be applied to SUPER_ADMIN
- // const isVerifyMfa = req.nextUrl.pathname === pathsConfig.auth.verifyMfa;
+ const client = createMiddlewareClient(req, res);
+ const userIsSuperAdmin = await isSuperAdmin(client);
 
- // If user is logged in and does not need to verify MFA,
- // redirect to home page.
- // if (!isVerifyMfa) {
- // const nextPath =
- // req.nextUrl.searchParams.get('next') ?? pathsConfig.app.home;
+ if (userIsSuperAdmin) {
+ // check if we need to verify MFA (user is authenticated but needs to verify MFA)
+ const isVerifyMfa =
+ req.nextUrl.pathname === pathsConfig.auth.verifyMfa;
 
- // return NextResponse.redirect(
- // new URL(nextPath, req.nextUrl.origin).href,
- // );
- // }
+ // If user is logged in and does not need to verify MFA,
+ // redirect to home page.
+ if (!isVerifyMfa) {
+ const nextPath =
+ req.nextUrl.searchParams.get('next') ?? pathsConfig.app.home;
+
+ return NextResponse.redirect(
+ new URL(nextPath, req.nextUrl.origin).href,
+ );
+ }
+ }
 },
 },
 {
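Review bot: The re-enabled `if (!isVerifyMfa)` branch redirects to the caller-supplied `next` query parameter without checking where it resolves. `new URL(nextPath, req.nextUrl.origin)` ignores the base when `next` is an absolute or protocol-relative URL, so the redirect can leave the site. I would resolve first and fall back on a mismatch: `const target = new URL(nextPath, req.nextUrl.origin);` followed by `if (target.origin !== req.nextUrl.origin) return NextResponse.redirect(new URL(pathsConfig.app.home, req.nextUrl.origin).href);`. Separately, the block only compares the pathname with `pathsConfig.auth.verifyMfa` and never inspects whether the session actually completed MFA, so unless the assurance level is enforced elsewhere (not visible here) the commit title overstates what this code guarantees. The handler starts above the hunk, so how `res` and the earlier redirect to `/` interact with this path cannot be confirmed from here.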