🚀 Initial commit - PDIMaker v1.0.0

Sistema completo de gestão de PDI com:
- Autenticação com email/senha e Google OAuth
- Workspaces privados isolados
- Sistema de convites com código único
- Interface profissional com Next.js 14
- Backend NestJS com PostgreSQL
- Docker com Nginx e SSL

Desenvolvido por Sergio Correa

frontend/middleware.ts

@@ -0,0 +1,57 @@
+// middleware.ts
+import { NextResponse } from "next/server"
+import type { NextRequest } from "next/server"
+import { getToken } from "next-auth/jwt"
+
+export async function middleware(req: NextRequest) {
+  const { pathname } = req.nextUrl
+  
+  // Rotas públicas
+  const publicRoutes = ["/", "/login", "/about", "/api/auth", "/test.html"]
+  const isPublicRoute = publicRoutes.some(route => pathname.startsWith(route))
+  
+  if (isPublicRoute) {
+    return NextResponse.next()
+  }
+  
+  // Verificar autenticação
+  const token = await getToken({ 
+    req, 
+    secret: process.env.NEXTAUTH_SECRET 
+  })
+  
+  // Requer autenticação
+  if (!token) {
+    const loginUrl = new URL("/login", req.url)
+    loginUrl.searchParams.set("callbackUrl", pathname)
+    return NextResponse.redirect(loginUrl)
+  }
+  
+  // Proteção de workspace
+  if (pathname.startsWith("/workspace/")) {
+    const slug = pathname.split("/")[2]
+    
+    if (slug && token.workspaces) {
+      const workspaces = token.workspaces as any
+      const allWorkspaces = [
+        ...(workspaces.asEmployee || []),
+        ...(workspaces.asManager || [])
+      ]
+      
+      const hasAccess = allWorkspaces.some((w: any) => w.slug === slug)
+      
+      if (!hasAccess) {
+        return NextResponse.redirect(new URL("/unauthorized", req.url))
+      }
+    }
+  }
+  
+  return NextResponse.next()
+}
+
+export const config = {
+  matcher: [
+    "/((?!api/auth|_next/static|_next/image|favicon.ico|public).*)"
+  ]
+}
+