refactor(web): remove middleware pre-auth guard and dead auth flow

[manNomi]

요약

• 보호 경로에 대한 middleware 사전 인가(선리다이렉트) 로직을 제거했습니다.
• 해당 흐름에 종속되어 더 이상 사용되지 않는 로그인 쿠키/reason 토스트 코드를 함께 정리했습니다.
• middleware의 stage robots.txt 처리 및 probe 경로 차단은 유지했습니다.

변경 사항

• apps/web/src/middleware.ts
  • loginNeedPages 기반 선인증 분기 제거
  • refreshToken 존재 검사 기반 /login 리다이렉트 제거
  • isNeedLogin 쿠키 세팅 로직 제거
  • stage robots.txt 응답 및 probe 경로 차단 로직 유지
• apps/web/src/app/login/LoginContent.tsx
  • isNeedLogin 쿠키 감지/토스트 처리 제거
  • community-members-only reason 토스트 처리 제거
• apps/web/src/lib/zustand/useAuthStore.ts
  • dead state 제거: isNeedLogin, setNeedLogin, clearNeedLogin
• 문서 업데이트
  • apps/web/AUTHENTICATION.md
  • docs/auth-refresh-edge-cases.md

검증

• pnpm --filter @solid-connect/web lint:check
• pnpm --filter @solid-connect/web typecheck
• pre-push hook 통과 (ci:check + next build)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
solid-connect-web-admin	Ready	Preview, Comment	May 4, 2026 8:40am
solid-connection-web	Ready	Preview, Comment	May 4, 2026 8:40am

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f2ff5a2c-c0cc-42d0-aa14-c9f6ca8f25c0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/remove-middleware-preauth

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 85330883d2

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Restore pre-entry auth guard for protected /my flows

By removing the protected-route branch in middleware and always falling through to NextResponse.next(), logged-out users can now enter protected pages like /my/password and /my/apply-mentor (see apps/web/src/app/my/password/page.tsx and apps/web/src/app/my/apply-mentor/page.tsx) that do not perform an immediate auth check on mount. In this state, users can complete multi-step forms and only get redirected on submit when an authenticated API call hits the axios interceptor, causing avoidable data loss and a regression from the previous immediate login redirect behavior.

Useful? React with 👍 / 👎.