Next.js middleware for auth gating

Protecting routes at the middleware layer prevents a whole class of ‘oops, we forgot to check auth on one page’ bugs. middleware.ts runs before rendering, so unauthenticated users get redirected early and you don’t waste work. I keep the logic simple: if the path matches a protected prefix, require a session cookie and redirect to /login. I also exclude public assets and the login route itself so I don’t create redirect loops. Middleware isn’t a replacement for server-side authorization checks on APIs, but it’s a great UX improvement and it reduces accidental exposure in UI routes.
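
The gating decision described above, written as a pure function so it can be tested without a Next.js runtime. This is an added example, not code from the original post; the prefixes, the asset paths and the cookie name `session` are assumptions.

```typescript
// Added example. Every path and the cookie name below are assumed values.
const PROTECTED_PREFIXES = ["/dashboard", "/settings"]; // assumed protected areas
const PUBLIC_PREFIXES = ["/_next/", "/static/"]; // assumed public asset paths
const PUBLIC_EXACT = ["/login", "/favicon.ico"]; // login route is never gated
const SESSION_COOKIE = "session"; // assumed cookie name

type Decision = { action: "next" } | { action: "redirect"; location: string };

// Match on a path-segment boundary: "/dashboard" covers "/dashboard" and
// "/dashboard/x" but not "/dashboard-help". List every protected area explicitly.
function underPrefix(pathname: string, prefix: string): boolean {
  return pathname === prefix || pathname.indexOf(prefix + "/") === 0;
}

function isProtected(pathname: string): boolean {
  // Exclusions first, so the login page and assets can never redirect to /login.
  if (PUBLIC_EXACT.indexOf(pathname) !== -1) return false;
  if (PUBLIC_PREFIXES.some((p) => pathname.indexOf(p) === 0)) return false;
  return PROTECTED_PREFIXES.some((p) => underPrefix(pathname, p));
}

function decide(pathname: string, sessionCookie: string | undefined): Decision {
  if (!isProtected(pathname)) return { action: "next" };
  // Presence check only: an empty or whitespace value counts as missing.
  // The cookie is not validated here; API handlers must still authorize.
  if (sessionCookie !== undefined && sessionCookie.trim() !== "") {
    return { action: "next" };
  }
  return { action: "redirect", location: "/login" };
}

// Wiring in middleware.ts (Next.js calls kept as comments so this block
// runs stand-alone):
//   export function middleware(request: NextRequest) {
//     const d = decide(request.nextUrl.pathname,
//                      request.cookies.get(SESSION_COOKIE)?.value);
//     return d.action === "redirect"
//       ? NextResponse.redirect(new URL(d.location, request.url))
//       : NextResponse.next();
//   }
```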