Route Protection with Middleware

Snippet

Route Protection with Middleware

Next.js Middleware runs before every request. It is the ideal place to implement authentication checks globally, ensuring that protected pages are never reached by unauthenticated users.

snippet.js
javascript
import { NextResponse } from 'next/server';
 
export function middleware(request) {
  const token = request.cookies.get('auth-token');
  const { pathname } = request.nextUrl;
 
  if (!token && pathname.startsWith('/dashboard')) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
}

nextjs

Breakdown

request.cookies.get('auth-token')

Checks for the presence of an authentication cookie.

pathname.startsWith('/dashboard')

Identifies if the user is trying to access a protected route.

NextResponse.redirect(...)

Sends the user back to login if the auth check fails.

Previous snippet Next snippet

More Intermediate JavaScript exercises →

From your library

Route Protection with Middleware

Related