diff --git a/src/auth.ts b/src/auth.ts
index b8c940f..e3daa56 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -1,4 +1,4 @@
-import NextAuth, { NextAuthConfig } from "next-auth";
+import NextAuth, { NextAuthConfig, NextAuthResult } from "next-auth";
 import Authentik from "next-auth/providers/authentik";
 import type { Provider } from "next-auth/providers";
 
@@ -7,19 +7,6 @@ const providers: Provider[] = [
 		clientId: process.env.AUTH_AUTHENTIK_CLIENT_ID,
 		clientSecret: process.env.AUTH_AUTHENTIK_CLIENT_SECRET,
 		issuer: process.env.AUTH_AUTHENTIK_ISSUER,
-		authorization: {
-			params: {
-				scope: "openid email profile",
-			},
-		},
-		profile(profile) {
-			return {
-				id: profile.sub,
-				name: profile.name,
-				email: profile.email,
-				image: profile.picture,
-			};
-		},
 	}),
 ];
 
@@ -39,19 +26,5 @@ const config = {
 		signOut: "/signout",
 	},
 	trustHost: true,
-	// callbacks: {
-	// 	authorized({ auth, request: { nextUrl } }) {
-	// 		const isLoggedIn = !!auth?.user;
-	// 		const isOnProtectedRoute = nextUrl.pathname.startsWith("/api/ai-event");
-	//
-	// 		if (isOnProtectedRoute) {
-	// 			if (isLoggedIn) return true;
-	// 			return false;
-	// 		} else if (isLoggedIn) {
-	// 			return Response.redirect(new URL("/api/ai-event", nextUrl));
-	// 		}
-	// 		return true;
-	// 	},
-	// },
 } satisfies NextAuthConfig;
-export const { handlers, signIn, signOut, auth } = NextAuth(config);
+export const { handlers, signIn, signOut, auth }: NextAuthResult = NextAuth(config);
diff --git a/src/middleware.ts b/src/middleware.ts
new file mode 100644
index 0000000..01061c0
--- /dev/null
+++ b/src/middleware.ts
@@ -0,0 +1,25 @@
+import { auth } from "@/auth"
+
+export default auth((req) => {
+  const { nextUrl } = req
+  const isLoggedIn = !!req.auth
+
+  // Protect dashboard routes
+  // if (nextUrl.pathname.startsWith('/api') && !isLoggedIn) {
+  //   return Response.redirect(new URL('/signin', nextUrl))
+  // }
+
+  // Redirect logged-in users from sign-in page
+  if (nextUrl.pathname.startsWith('/signin') && isLoggedIn) {
+    return Response.redirect(new URL('/', nextUrl))
+  }
+})
+
+export const config = {
+  matcher: [
+    // Skip Next.js internals and all static files
+    '/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)',
+    // Always run for API routes
+    '/(api|trpc)(.*)',
+  ],
+}