I did route protection with nextJs middleware but is there any way to do it more compact ?

[rftglyv]

middleware.js

import { getToken } from 'next-auth/jwt';
import { NextResponse } from 'next/server';

export async function middleware(req) {
    const token = await getToken({ req, secret: process.env.NEXTAUTH_SECRET });
    const { pathname, searchParams } = req.nextUrl;
    const error = searchParams.get('err');

    if (pathname === '/welcome') {
        if (['400', '401'].includes(error)) return NextResponse.next();
        if (token) return NextResponse.redirect(new URL(searchParams.get('callbackUrl')).href || '/dashboard');
    }

    if (!token && pathname.startsWith('/dashboard')) {
        const url = new URL(req.nextUrl.href);
        url.searchParams.set('callbackUrl', req.nextUrl.href);
        url.pathname = '/welcome';
        return NextResponse.redirect(url);
    }

    return NextResponse.next();
}

export const config = {
    matcher: ['/welcome', '/dashboard/:path*', '/api/:path*'],
};

app\api\auth\[...nextauth]\route.js

import { emailHtmlGen } from "@/utils/emailGen";
import logger from "@/utils/logger";
import { Environment, Paddle } from '@paddle/paddle-node-sdk';
import { PrismaClient } from '@prisma/client';
import bcrypt from 'bcryptjs';
import jwt from 'jsonwebtoken';
import NextAuth from "next-auth/next";
import CredentialsProvider from "next-auth/providers/credentials";
import GoogleProvider from "next-auth/providers/google";
import nodemailer from 'nodemailer';
import generateToken from "utils/signJwt";

const paddle = new Paddle(process.env.PADDLE_API_KEY, {
    environment: Environment.production, // Switch between sandbox and production
    logLevel: 'verbose', // or 'error' for less verbose logging
});

const prisma = new PrismaClient();

const transporter = nodemailer.createTransport({
    host: process.env.EMAIL_HOST,
    port: process.env.EMAIL_PORT,
    secure: false,
    auth: {
        user: process.env.EMAIL_USER,
        pass: process.env.EMAIL_PASS,
    },
});

export const authOptions = {
    providers: [
        // OTP-based Credentials Provider
        CredentialsProvider({
            name: "replyment-otp",
            credentials: {
                email: { label: 'Email', type: 'text', placeholder: 'your-email@example.com' },
                otp: { label: 'OTP', type: 'text', placeholder: '123456' },
            },
            async authorize(credentials) {
                const { email, otp } = credentials;
                try {
                    // Find user by email
                    let user = await prisma.user.findUnique({
                        where: { email },
                        include: { subscription: true },
                    });

                    if (!user) {
                        throw new Error(`User not found&email=${email}`);
                    }

                    // Check OTP expiration
                    if (new Date() > user.otpExpiry) {
                        throw new Error(`OTP expired&email=${email}`);
                    }

                    // Validate OTP
                    const isOtpValid = await bcrypt.compare(otp, user.otp);
                    if (!isOtpValid) {
                        throw new Error(`Invalid OTP&email=${email}`);
                    }

                    if (user.status == 'Banned') {
                        throw new Error(`User is banned&email=${email}`);
                    }

                    // Reactivate user if inactive
                    if (user.status !== 'Active' && user.status !== 'Banned') {
                        user = await prisma.user.update({
                            where: { email },
                            data: { status: 'Active' },
                            include: { subscription: true },
                        });

                        // Send activation email
                        if (user) {
                            await transporter.sendMail({
                                from: process.env.EMAIL_FROM,
                                to: user.email,
                                subject: 'Your Account Has Been Activated',
                                text: `Your account associated with ${user.email} has been successfully activated.`,
                                html: emailHtmlGen("Account Activation Notice", `Your account ${user.email} has been successfully activated.`),
                            });
                        }
                    }

                    // Clear OTP fields on success
                    await prisma.user.update({
                        where: { email },
                        data: { otp: null, otpExpiry: null, otpInit: null },
                    });

                    // Generate JWT with user data
                    logger.info(`OTP verified for ${email}`, { paddleId: user.paddleId });

                    return user;
                } catch (error) {
                    throw new Error(error.message || `OTP verification failed&email=${email}`);
                }
            },
        }),

        // Google Provider
        GoogleProvider({
            clientId: process.env.GOOGLE_CLIENT_ID,
            clientSecret: process.env.GOOGLE_CLIENT_SECRET,
        }),
    ],

    session: {
        jwt: true,
        maxAge: 7 * 24 * 60 * 60, // 7 days
    },

    jwt: {
        // The maximum age of the NextAuth.js issued JWT in seconds.
        // Defaults to `session.maxAge`.
        maxAge: 7 * 24 * 60 * 60, // 7 days
    },

    callbacks: {
        // SignIn callback
        async signIn({ user, account, profile }) {
            try {
                let paddleUserId = null;
                try {
                    if (!user.paddleId) {
                        // Fetch Paddle user data
                        const paddleResponse = await fetch(`https://api.paddle.com/customers?email=${encodeURIComponent(user.email)}`, {
                            method: 'GET',
                            headers: {
                                'Content-Type': 'application/json',
                                'Authorization': `Bearer ${process.env.PADDLE_API_KEY}`
                            }
                        });

                        if (!paddleResponse.ok) {
                            return new Response('Failed to fetch Paddle user data', { status: paddleResponse.status });
                        }

                        let paddleUser = await paddleResponse.json();
                        paddleUserId = paddleUser?.data?.[0]?.id || null;

                        if (!paddleUserId) {
                            paddleUser = await paddle.customers.create({
                                email: user?.email,
                                name: user?.name || 'Replyment User',
                            });
                            paddleUserId = paddleUser.id;
                        }

                    } else {
                        paddleUserId = user.paddleId;
                    }
                } catch (e) {
                    console.log("Paddle User Fetch Error", e)
                }
                // Handle sign-in with Google
                try {
                    if (account.provider === 'google') {
                        let existingUser = await prisma.user.findUnique({
                            where: { email: user.email },
                            include: { subscription: true },
                        });

                        // Create a new user if it doesn't exist
                        if (!existingUser) {
                            existingUser = await prisma.user.create({
                                data: {
                                    paddleId: paddleUserId,
                                    email: user.email,
                                    role: 'User',
                                    subscription: { create: { level: 'None' } },
                                },
                                include: { subscription: true },
                            });
                        }
                        if (existingUser.status == 'Banned') {
                            throw new Error(`User is banned&email=${user.email}`);
                        }

                        // Fix: Update the Paddle ID if not present
                        if (existingUser && !existingUser.paddleId) {
                            await prisma.user.update({
                                where: { email: user.email },
                                data: { paddleId: paddleUserId },
                            });
                        }

                        // Reactivate user if inactive
                        if (existingUser && existingUser.status !== 'Active' && existingUser.status !== 'Banned') {
                            existingUser = await prisma.user.update({
                                where: { email: user.email },
                                data: { status: 'Active' },
                                include: { subscription: true },
                            });

                            // Send activation email
                            if (existingUser) {
                                await transporter.sendMail({
                                    from: process.env.EMAIL_FROM,
                                    to: existingUser.email,
                                    subject: 'Your Account Has Been Activated',
                                    text: `Your account associated with ${existingUser.email} has been successfully activated.`,
                                    html: emailHtmlGen("Account Activation Notice", `Your account ${existingUser.email} has been successfully activated.`),
                                });
                            }
                        }

                        // Attach account data to JWT
                        logger.info(`JWT generated for ${user.email}`);
                        const token = await generateToken(existingUser.id, {
                            email: existingUser.email,
                            role: existingUser.role,
                            paddleId: paddleUserId,
                            subscriptionId: existingUser.subscription.id,
                        });

                        user.accessToken = token;
                        return user;
                    }
                } catch (e) {
                    console.log("Google Signin Error", e)
                }

                try {
                    // Handle sign-in with credentials
                    if (account.provider === 'credentials') {
                        // Fix: Update the Paddle ID if not present
                        if (!user.paddleId) {
                            await prisma.user.update({
                                where: { email: user.email },
                                data: { paddleId: paddleUserId },
                            });
                        }

                        // Generate JWT with user data
                        logger.info(`JWT generated for ${user.email}`);
                        const token = await generateToken(user.id, {
                            email: user.email,
                            role: user.role,
                            paddleId: paddleUserId,
                            subscriptionId: user.subscription?.id,
                        });

                        user.accessToken = token;
                    }
                } catch (e) {
                    console.log("Credentials Signin Error", e)
                }

                return true;
            } catch (error) {
                const meta = {
                    userEmail: user.email,
                    errorCode: error.code || 'UNKNOWN',
                    stack: error.stack,
                };
                logger.error(`Sign-in error: ${error.message}`, meta);
                console.log(error)
                return false;
            }
        },

        // JWT callback
        async jwt({ token, user }) {
            if (user) {
                token.accessToken = user.accessToken;
                token.exp = Math.floor((Date.now() + 7 * 24 * 60 * 60 * 1000) / 1000);
            }
            return token;
        },

        // Session callback
        async session({ session, token }) {

            if (token) {
                try {
                    const decodedToken = jwt.verify(token.accessToken, process.env.JWT_SECRET);
                    if (decodedToken.exp < Math.floor(Date.now() / 1000)) {
                        return null;
                    }
                } catch (error) {
                    return null;
                }
            } else {
                return null;
            }

            session.accessToken = token.accessToken;

            if (session.user && session.user.email) {
                try {
                    // Check user status
                    const userStatus = await prisma.user.findUnique({
                        where: { email: session.user.email },
                        select: { status: true },
                    });

                    // Log the user status
                    logger.auth(`User status: ${userStatus?.status}`, { email: session.user.email });

                    // Invalidate session if the user is banned
                    if (userStatus?.status === 'Banned') {
                        return null;
                    }
                } catch (error) {
                    logger.error(`Error fetching user status: ${error.message}`, {
                        email: session.user.email,
                        stack: error.stack,
                    });
                    return null;
                }
            }

            return session;
        },
    },

    secret: process.env.NEXTAUTH_SECRET,
    pages: {
        signIn: "/welcome",
        error: "/welcome",
    },
    debug: process.env.NODE_ENV === "development",
};

const handler = NextAuth(authOptions);

export { handler as GET, handler as POST };