Edge-Based Route Protection in Middleware

Snippet

Edge-Based Route Protection in Middleware

Middleware runs before a request is completed. It is the ideal place to implement authentication checks globally, ensuring that protected routes are never even rendered for unauthorized users.

snippet.js
javascript
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
 
export function middleware(request: NextRequest) {
  const token = request.cookies.get('auth-token');
  if (!token && request.nextUrl.pathname.startsWith('/dashboard')) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

nextjs

Breakdown

request.cookies.get('auth-token')

Efficiently accesses cookies directly at the edge without hitting the origin server.

request.nextUrl.pathname.startsWith('/dashboard')

Checks if the user is trying to access a protected route segment.

NextResponse.redirect(...)

Immediately redirects the user to the login page if the authentication check fails.

Previous snippet Next snippet

More Intermediate JavaScript exercises →

From your library

Edge-Based Route Protection in Middleware

Related