diff --git a/.env b/.env
index a5aa3043233953a098cc98a17bd16aec7e3af668..0bbc1bdbae0f96ac1317c590306f124d6bb8bb58 100644
--- a/.env
+++ b/.env
@@ -7,5 +7,4 @@
 # See the documentation for all the connection string options: https://pris.ly/d/connection-strings
 
 DATABASE_URL="file:./dev.db"
-JWT_SECRET=ideaswork
-NEXT_PUBLIC_BASE_URL=http://129.226.159.129:3000
\ No newline at end of file
+JWT_SECRET=ideaswork
\ No newline at end of file
diff --git a/middleware.ts b/middleware.ts
index aebacacfd0d1b8537722a7fb66c9d00a8c9efd8a..c9c79145c9d81df03b4c665a6f62c967110ea99b 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -25,11 +25,10 @@ const roleAccess: RoleAccess = {
 
 export async function middleware(request: NextRequest) {
   const { pathname } = new URL(request.url)
-  const path = pathname.replace(/\/+/g, '/').replace(/\/$/, '') || '/'
 
   // Check public paths
   const publicPathsArray = Array.from(publicPaths)
-  if (publicPathsArray.some((p: string) => path === p || path.startsWith(p + '/'))) {
+  if (publicPathsArray.some((p: string) => pathname === p || pathname.startsWith(p + '/'))) {
     return NextResponse.next()
   }
 
@@ -39,11 +38,11 @@ export async function middleware(request: NextRequest) {
   try {
     payload = token ? await verifyToken(token) : null
   } catch {
-    return path.startsWith('/login') ? NextResponse.next() : NextResponse.redirect(new URL('/login', request.url))
+    return pathname.startsWith('/login') ? NextResponse.next() : NextResponse.redirect(new URL('/login', request.url))
   }
 
   if (!payload) {
-    return path.startsWith('/login') ? NextResponse.next() : NextResponse.redirect(new URL('/login', request.url))
+    return pathname.startsWith('/login') ? NextResponse.next() : NextResponse.redirect(new URL('/login', request.url))
   }
 
   // Set user headers
@@ -53,9 +52,9 @@ export async function middleware(request: NextRequest) {
 
   // Check role access
   const role = payload.role as Role
-  const allowedPaths = roleAccess[role] || []
-  if (!allowedPaths.some((p: string) => path === p || path.startsWith(p + '/'))) {
-    return path.startsWith('/unauthorized') ? NextResponse.next() : NextResponse.redirect(new URL('/unauthorized', request.url))
+  const allowedpathnames = roleAccess[role] || []
+  if (!allowedpathnames.some((p: string) => pathname === p || pathname.startsWith(p + '/'))) {
+    return pathname.startsWith('/unauthorized') ? NextResponse.next() : NextResponse.redirect(new URL('/unauthorized', request.url))
   }
 
   return NextResponse.next({ request: { headers } })
diff --git a/next.config.mjs b/next.config.mjs
index 514c846f56d2d51cd34e7d7a3e435294b1ec138e..1b661386f01fd0b5112b5eb8b582ce5de4e0a507 100644
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -1,6 +1,6 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
-    assetPrefix: process.env.NEXT_PUBLIC_BASE_URL,
+    assetPrefix: '',
     basePath:  '',
     trailingSlash: false, // 禁用尾部斜杠
     experimental: {