Open ks4na opened 1 week ago
If you are simply trying to make the middleware work, then you will have to do some custom work. I created middleware in my application in two ways; you can check which one works for you.
```
import { NextResponse } from "next/server";
import { getToken } from "next-auth/jwt";

export async function middleware(req) {
  const token = await getToken({
    req,
    secret: process.env.AUTH_SECRET,
    // secureCookie: true,
  });

  if (!token) {
    // Redirect to sign-in page if the token is not found
    return NextResponse.redirect(new URL("/", req.url));
  }

  return NextResponse.next();
}

export const config = {
  matcher: ["/profile", "/puzzles"],
};
```
Make sure to set `secureCookie: true` in production and comment it out in development.
3. The second way was to use the `auth()` helper, but it sometimes fails when it is deployed to production on Vercel:
```
import { DEFAULT_REDIRECT, PUBLIC_ROUTES, ROOT } from '@/lib/routes';
import { auth } from './auth';

export default auth((req) => {
  const { nextUrl } = req;
  const isAuthenticated = !!req.auth;
  const isPublicRoute = PUBLIC_ROUTES.includes(nextUrl.pathname);

  if (isPublicRoute && isAuthenticated)
    return Response.redirect(new URL(DEFAULT_REDIRECT, nextUrl));

  if (!isAuthenticated && !isPublicRoute)
    return Response.redirect(new URL(ROOT, nextUrl));
});

export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
};
```

Routes:

```
export const ROOT = '/';
export const PUBLIC_ROUTES = ['/'];
export const DEFAULT_REDIRECT = '/profile';
```
To be honest, I am not sure why the second approach fails sometimes, but these above are the methods I used to handle the middleware.
Environment
Reproduction URL
https://github.com/ks4na/nextjs-dashboard/tree/f-auth-wrapper
Describe the issue
Hello, I’m experiencing some confusion with using auth wrapper in `middleware.ts`.

If I don’t use the auth wrapper in middleware.ts and simply `export default auth;`, visiting `/dashboard` without logging in correctly redirects me to `/login`, as expected based on the logic in `auth.config.ts -> authConfig.callbacks.authorized`. However, when using the auth wrapper, I can access `/dashboard` without logging in, and the `callbacks.authorized` function does not seem to work as expected.

It seems that the issue is related to the implementation in the `handleAuth` function.

https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/lib/index.ts#L230-L286

The order of the two `else if` statements might need to be swapped.

I'm uncertain whether this behavior is intentional or if it might be a bug.

Additionally, in the first branch, the `authorized` variable could be set to `true`, but it appears that this variable is not used later in the `handleAuth` function. I’m wondering if the logic to "prevent an infinite loop" will still work as intended. I haven’t tested it, just read the code, so please forgive me if I’m wrong.

How to reproduce
Reproduction URL
`pnpm install && pnpm run dev`
`/login` page, which is not expected since you should be redirected to `/login`.
`middleware.ts`: comment out `export default auth(async function middleware(req: NextRequest) {` function, and uncomment `export default auth;` line, then save the changes.
`/login` since you haven’t logged in. It’s the expected behavior.

Expected behavior

when using `auth wrapper`, `callbacks.authorized` works as expected.
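
As an added example (not part of the original posts or of next-auth): the route decision from the second approach in the comment, written as a pure, deny-by-default function that can be called from inside the function passed to `auth()`, together with a check of which paths the posted matcher leaves outside the middleware. Treating the matcher string as an anchored JavaScript regex is an assumption, and the names `decide`, `middlewareRuns` and `audit` are hypothetical.

```javascript
// Added example. Route constants are copied from the comment; everything else is hypothetical.
const ROOT = "/";
const PUBLIC_ROUTES = ["/"];
const DEFAULT_REDIRECT = "/profile";

// The matcher string from the comment, treated as an anchored regex (assumption).
const MATCHER = /^\/((?!api|_next\/static|_next\/image|favicon.ico).*)$/;

// True when the middleware would be invoked for this pathname.
function middlewareRuns(pathname) {
  return MATCHER.test(pathname);
}

// Deny-by-default decision; `session` stands in for req.auth (null when not logged in).
// Returns the redirect target, or null to let the request continue.
function decide(pathname, session) {
  const isAuthenticated = Boolean(session);
  const isPublic = PUBLIC_ROUTES.includes(pathname);
  if (!isAuthenticated) return isPublic ? null : ROOT;
  return isPublic ? DEFAULT_REDIRECT : null;
}

// Report the outcome for each [pathname, session] pair.
function audit(samples) {
  return samples.map(([pathname, session]) => {
    if (!middlewareRuns(pathname)) {
      return { pathname, loggedIn: Boolean(session), outcome: "not covered by middleware" };
    }
    const target = decide(pathname, session);
    return { pathname, loggedIn: Boolean(session), outcome: target ? `redirect ${target}` : "continue" };
  });
}

// Constructed sample requests.
const SAMPLE_SESSION = { user: { name: "constructed-user" } };
const SAMPLES = [
  ["/profile", null],
  ["/profile", SAMPLE_SESSION],
  ["/", SAMPLE_SESSION],
  ["/", null],
  ["/api/puzzles", null],
  ["/apiary", null],
];

console.table(audit(SAMPLES));
```

Paths reported as not covered, which with this matcher is anything beginning with `/api`, never reach the middleware and need their own session check in the route handler.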