diff --git a/middleware.ts b/middleware.ts
new file mode 100644
index 0000000..62f3e81
--- /dev/null
+++ b/middleware.ts
@@ -0,0 +1,48 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { updateSession } from '@/lib/supabase/middleware'
+
+// Routes that don't require authentication
+const publicRoutes = ['/login', '/signup', '/forgot-password', '/reset-password']
+
+// Routes that require authentication
+const protectedRoutes = ['/dashboard', '/editor']
+
+export async function middleware(request: NextRequest) {
+  const { user, supabaseResponse } = await updateSession(request)
+  const { pathname } = request.nextUrl
+
+  // Check if the current path is a public auth route
+  const isPublicRoute = publicRoutes.some(route => pathname.startsWith(route))
+
+  // Check if the current path is a protected route
+  const isProtectedRoute = protectedRoutes.some(route => pathname.startsWith(route))
+
+  // Unauthenticated users accessing protected routes -> redirect to /login
+  if (!user && isProtectedRoute) {
+    const url = request.nextUrl.clone()
+    url.pathname = '/login'
+    return NextResponse.redirect(url)
+  }
+
+  // Authenticated users accessing auth routes -> redirect to /dashboard
+  if (user && isPublicRoute) {
+    const url = request.nextUrl.clone()
+    url.pathname = '/dashboard'
+    return NextResponse.redirect(url)
+  }
+
+  return supabaseResponse
+}
+
+export const config = {
+  matcher: [
+    /*
+     * Match all request paths except for the ones starting with:
+     * - _next/static (static files)
+     * - _next/image (image optimization files)
+     * - favicon.ico (favicon file)
+     * - public folder
+     */
+    '/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
+  ],
+}