npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@triyanox/next-middleware

v0.1.5

Published

The cleanest way to protect your Next.js routes with a middleware

Downloads

45

Readme

Next.js Route Protection with @triyanox/next-middleware

@triyanox/next-middleware is a user-friendly, type-safe package designed for route protection in your Next.js applications. It can be applied to pages, apps routes, and API routes.

Installation

You can install the package using your preferred package manager:

# pnpm
pnpm add @triyanox/next-middleware

# bun
bun add @triyanox/next-middleware

# npm
npm install @triyanox/next-middleware

# Yarn
yarn add @triyanox/next-middleware

How to Use

Here are the steps to effectively use @triyanox/next-middleware for route protection:

  1. Define the Data Type for Route Checks

Firstly, you need to specify the type of data that will be used for route checks. Here we use User as an example, but you can replace it with your own data type.

type Data = User; // Replace User with your own data type
  1. Import Dependencies

Next, import the Middleware class, the RuleFunction type, and the Routes type from the package. If you wish, you can also import the routes object from @triyanox/next-routes to generate the routes object. Nonetheless, you can provide your own routes object or type as long as it fulfills the Routes type.

import Middleware, { RuleFunction, Routes } from "@triyanox/next-middleware";
import { routes } from "@/lib/link$";

To use @triyanox/next-routes for generating the routes, refer to the documentation for more information.

  1. Define Route Protection Rules

You will then define the rules for route protection using the RuleFunction type. For cleaner code, you can define these rules in separate files and import them into the main file. You can also define rules for specific routes using the RuleFunction type with the route path as the third type argument for added type safety.

The RuleFunction type has three type arguments:

  • Data: The type of data for route checks.
  • Routes: The type of the routes object.
  • Path (optional): The path of the route for type safety.

The RuleFunction type takes an object with the following properties:

  • data: The data for route checks.
  • next: A function to proceed to the next rule or route.
  • redirect: A function to redirect to a specific route.
  • params: An object containing the route parameters if the rule is for a specific dynamic route.
  • path: The current path of the route.

These rules can be asynchronous functions. Here's an example of defining rules:

const isLoggedIn: RuleFunction<Data, typeof routes> = ({ data, next, redirect }) => {
  if (data) {
    return next();
  } else {
    return redirect("/login");
  }
};

const isAdmin: RuleFunction<Data, typeof routes> = ({ data, next, redirect }) => {
  if (data.role === "ADMIN") {
    return next();
  } else {
    return redirect("/login");
  }
};

const isOwnWorkspace: RuleFunction<Data, typeof routes, '/dashboard/workspaces/[workspaceId]'> = ({
  data,
  next,
  redirect,
  params,
}) => {
  if (data.workspaces.includes(params.workspaceId)) {
    return next();
  } else {
    return redirect("/login");
  }
};
  1. Construct the Middleware and Perform Checks

Create a middleware using the Middleware class and perform the route checks. The Middleware class needs:

  • Routes: The type of the routes object.
  • Data: The type of data for route checks.

It also takes an object with the following properties:

  • fetch: An async function to fetch the data for route checks, which will be passed to the rules.
  • rules: An object where the keys are the paths of the routes and the values are arrays of rules for the routes. The paths can be specific routes or route patterns (We support wildcard paths for the current version we plan to add regex support in the future).
  • authPaths: An array of base paths where the rules should be applied.
  • onError: An async function to handle errors and redirects.

Here's an example of constructing the middleware:

import env from "@/env";
import { NextResponse } from "next/server";
import { isNotLoggedIn, isLoggedIn, isAdmin, isOwnWorkspace } from "@/lib/rules";
import { routes } from "@/lib/link$";
import type { Data } from "@/types";
import Middleware from "@triyanox/next-middleware";

const middleware = new Middleware<typeof routes, Data>({
  fetch: async (req) => {
    // Fetch and return the data for route checks
    // call an API or a serverless function/db to fetch the data (note that the middleware file is not running on a node.js environment so you can't use things like prisma, mongoose, etc. directly in my case I make an API call to fetch the data)
  },
  rules: {
    "/login": [isNotLoggedIn],
    "/dashboard/*": [isLoggedIn, isAdmin],
    "/dashboard/workspaces/[workspaceId]/*": [isLoggedIn, isAdmin, isOwnWorkspace],
  },
  authPaths: ["/login", "/dashboard"],
  onError: async (req) => {
    // Handle errors and redirects
    const path = new URL(req.url).pathname;
    if (path === "/login") {
      return NextResponse.next();
    }
    return NextResponse.redirect(env.NEXT_PUBLIC_URL + "/login");
  },
});
  1. Export the Middleware

Finally, export the middleware and the config object for use in your Next.js app. In this example, we bind the handle method to the middleware instance and export it as the default export. However, you can create your own handler function and export it by wrapping the middleware instance in your function.

export default middleware.handle.bind(middleware);

export const config = {
  matcher: ["/((?!api/|_next/|_proxy/|_static|_vercel|[\\w-]+\\.\\w+).*)"],
};

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributions

We welcome contributions! Feel free to open an issue or submit a pull request if you have ideas or suggestions for improvement.