..

app/(auth)/reset-password/page.tsx

@@ -25,8 +25,8 @@ export default function ResetPasswordPage() {
             const role = data?.user?.user_metadata?.role;
             if (role !== "admin") {
               await supabase.auth.signOut();
-              // Redirect non-admins to the public chatbot site
-              window.location.href = "https://yozora721-pnp-chatbot-v1.hf.space/";
+              // Keep inside admin app
+              window.location.href = "/login?error=not_admin";
               return;
             }
           }

middleware.ts

@@ -39,8 +39,10 @@ export async function middleware(request: NextRequest) {
   const role = data?.user?.user_metadata?.role;
 
   if (!data?.user || role !== "admin") {
-    // Redirect non-admins or unauthenticated to public chatbot site
-    return NextResponse.redirect(new URL("https://yozora721-pnp-chatbot-v1.hf.space/"));
+    const url = request.nextUrl.clone();
+    url.pathname = "/login";
+    url.searchParams.set("error", "not_admin");
+    return NextResponse.redirect(url);
   }
 
   return response;

utils/signIn.ts

@@ -35,8 +35,8 @@ export async function login(email: string, password: string): Promise<LoginResul
   const role = user?.user_metadata?.role;
   if (userErr || !user || role !== "admin") {
     await supabase.auth.signOut();
-    // Redirect non-admin users to the chatbot app (public site)
-    redirect("https://yozora721-pnp-chatbot-v1.hf.space/");
+    // Keep user inside admin app; show not-admin state on login
+    redirect("/login?error=not_admin");
   }
 
   // Success and role OK: revalidate and redirect