-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add middleware for protected routes #122
Conversation
IMO feels a step over the border of the scaffolding realm. |
I'd argue that is doing the same as the existing protected endpoint but for routes. Maybe removing the protected endpoint example is the real deal. I can do it if the people agree. |
97a7587
to
8e83d4c
Compare
Actually, I think you're right. It's a valuable example of a working middleware and route matcher. One thing I'd suggest is that the comment could be moved to the top, like in the restricted.ts file, so it's the first thing that the user hits, and that it spells out that it's an example, just like the other file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works as intended. Now it's just deciding if we want this or not and I leave that to @nexxeln
I think this would be valuable. |
FWIW I find this super useful as someone who always has trouble with the semantics around auth and relies on opinionated starters like this to show me the way. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Down to include this. Would like to be way more explicit in the code, file naming etc that "this is a way to BLOCK ACCESS TO ROUTES" so we're not guiding users down this path incorrectly just because it's there
I thought about this more and it feels like something we're not building. This is more an "example", one that's already in other sample repos 🤔🤔 |
It's an example indeed. Again, the reason why I added this is because we have another example for restricted endpoints which is a copy of the next-auth protected endpoint example. I really don't know what do lol |
I think it's valuable to have both, it's common to want to protect endpoint and routes, and we already have the endpoint example |
Closing this PR as it's implying that this is the right way to do protected routes. Something that we can't really guarantee. If you're looking to do something like this please refer to next-auth official docs. Cheers! |
Hi there, on almost every next.js app I needed to add some sort of middleware to protect routes like /dashboard or /admin
What do you think of adding this middleware example on the next-auth boilerplate?
Regards.
P.S : I've also upgraded eslint-config-next to match the latest nextjs version