feat: 添加生产环境配置，重构 API 请求，更新部署脚本和配置

middleware.ts

@@ -1,11 +1,14 @@
 import { NextRequest, NextResponse } from 'next/server'
 
+const basePath = '/studio'
+
 export async function middleware(request: NextRequest) {
   const { pathname } = request.nextUrl
 
-  // Allow auth API routes and static files
+  // Allow all API routes and static files
+  // Note: pathname does NOT include basePath when basePath is configured
   if (
-    pathname.startsWith('/api/auth') ||
+    pathname.startsWith('/api/') ||
     pathname.startsWith('/_next') ||
     pathname.startsWith('/favicon') ||
     pathname.includes('.')
@@ -19,10 +22,12 @@ export async function middleware(request: NextRequest) {
   }
 
   // Check if session cookie exists (simple check, full validation happens in server)
+  // Better Auth adds "__Secure-" prefix when served over HTTPS
   const sessionToken = request.cookies.get('better-auth.session_token')
+    || request.cookies.get('__Secure-better-auth.session_token')
 
   if (!sessionToken?.value) {
-    const loginUrl = new URL('/login', request.url)
+    const loginUrl = new URL(`${basePath}/login`, request.url)
     loginUrl.searchParams.set('callbackUrl', pathname)
     return NextResponse.redirect(loginUrl)
   }
@@ -31,5 +36,5 @@ export async function middleware(request: NextRequest) {
 }
 
 export const config = {
-  matcher: ['/((?!api/auth|_next/static|_next/image|favicon.ico).*)'],
+  matcher: '/:path*',
 }