createAuthMiddleware() - Full route protection with redirects
authMiddleware() - Simple authentication check without enforcement; it does not block requests, so each route must enforce access itself

function createAuthMiddleware(config: MiddlewareConfig): Middleware;
interface MiddlewareConfig {
authConfig: AuthSafeConfig;
protectedRoutes?: (string | RegExp)[];
publicRoutes?: (string | RegExp)[];
signInUrl?: string;
beforeRedirect?: (req: NextRequest) => void | Promise<void>;
}
authConfig - AuthSafe configuration (clientId, domain, etc.)
protectedRoutes - Routes requiring authentication
publicRoutes - Routes accessible without auth (takes precedence over protectedRoutes, so an overly broad public pattern exposes every protected route it also matches)
signInUrl - Where to redirect unauthenticated users (default: /api/auth/signin)
beforeRedirect - Callback before redirecting (e.g., logging)
// middleware.ts
import { createAuthMiddleware } from 'authsafe-nextjs/server';
// AuthSafe client settings, read from the environment.
const authConfig = {
  clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
  domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
};
// Paths that require a signed-in user.
const protectedRoutes = ['/dashboard', '/profile', '/settings'];
// Paths served without authentication; these take precedence over protectedRoutes.
const publicRoutes = ['/', '/about', '/pricing'];

export default createAuthMiddleware({
  authConfig,
  protectedRoutes,
  publicRoutes,
  // Unauthenticated requests to a protected route are redirected here.
  signInUrl: '/api/auth/signin',
});

// The matcher decides which requests reach the middleware at all. This pattern
// skips every path that starts with /api, so routes under /api are not checked
// by this middleware.
export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
};
// middleware.ts
import { createAuthMiddleware } from 'authsafe-nextjs/server';
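export default createAuthMiddleware({
  authConfig: {
    clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
    domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
  },
  protectedRoutes: [
    '/dashboard',
    // Unanchored prefixes: these also match paths such as /administrator,
    // which errs on the side of requiring authentication.
    /^\/admin/, // All /admin/* routes
    /^\/api\/protected/, // Protected API routes
  ],
  publicRoutes: [
    '/',
    '/about',
    // Public patterns take precedence over protected ones, so the prefix ends
    // at a path boundary: a bare /^\/blog/ would also match /blog-drafts.
    /^\/blog(\/|$)/, // /blog and all /blog/* routes
  ],
});

// Only api/auth is excluded, so /api/protected/* still reaches the middleware
// and the protectedRoutes entry above can take effect.
export const config = {
  matcher: ['/((?!api/auth|_next/static|_next/image|favicon.ico).*)'],
};
// middleware.ts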
import { createAuthMiddleware } from 'authsafe-nextjs/server';
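export default createAuthMiddleware({
  authConfig: {
    clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
    domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
  },
  protectedRoutes: ['/dashboard', /^\/admin/],
  publicRoutes: ['/'],
  signInUrl: '/api/auth/signin',
  // Called before an unauthenticated request is redirected to signInUrl.
  beforeRedirect: async (req) => {
    // Only the pathname is recorded; query strings and headers can carry
    // tokens and should not be forwarded to a third-party service.
    const path = req.nextUrl.pathname;
    // Log unauthorized access attempt
    console.log(`Unauthorized access attempt: ${path}`);
    // Send analytics event. Monitoring is best-effort: an unreachable analytics
    // endpoint is logged instead of rejecting the hook, so the outcome of the
    // redirect does not depend on it. The await still delays the redirect
    // until the request settles.
    try {
      await fetch('https://analytics.example.com/track', {
        method: 'POST',
        body: JSON.stringify({ path }),
      });
    } catch (err) {
      console.error('Failed to record unauthorized access event', err);
    }
  },
});

// Every path that starts with /api skips the middleware with this matcher.
export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
};
// middleware.ts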
import { createAuthMiddleware } from 'authsafe-nextjs/server';
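export default createAuthMiddleware({
  authConfig: {
    clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
    domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
  },
  // Protect everything. A regular expression states this explicitly instead of
  // relying on how the string '/' is matched.
  protectedRoutes: [/^\//],
  // Public exceptions. String routes are documented as matching the path and
  // any sub-path; if '/' were matched that way here it would cover every path
  // and, because public routes take precedence, cancel the protection above.
  // The root is therefore written as an exact-match pattern.
  // NOTE(review): confirm how the library matches the string '/'.
  publicRoutes: [/^\/$/, '/about', '/pricing', '/blog', /^\/blog\//],
});

// Paths that start with /api skip the middleware with this matcher, so
// "everything" above does not include API routes.
export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
};
function authMiddleware(authConfig: AuthSafeConfig): Middleware;
// middleware.ts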
import { authMiddleware } from 'authsafe-nextjs/server';
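// authMiddleware performs the authentication check but does not enforce it
// (no redirect), so each route must reject unauthenticated requests itself.
export default authMiddleware({
  clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
  domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
});

// The matcher must let the middleware see every route that relies on its
// result. Only api/auth is skipped here: with a blanket "api" exclusion the
// middleware never runs for /api/*, and a route handler there would read
// request headers exactly as the client sent them.
export const config = {
  matcher: ['/((?!api/auth|_next/static|_next/image|favicon.ico).*)'],
};
// app/api/route.ts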
import { NextRequest } from 'next/server';
/**
 * Returns the protected payload only when the request carries the
 * `x-authsafe-authenticated: 1` header; any other request gets a 401.
 *
 * NOTE(review): a request header is only trustworthy if the auth middleware
 * ran for this path and replaced any value the client sent. Confirm both:
 * this file lives under /api, which a matcher of the form `(?!api|...)`
 * skips, and whether the middleware discards an incoming copy of the header
 * is not shown here.
 */
export async function GET(request: NextRequest) {
  const authFlag = request.headers.get('x-authsafe-authenticated');
  if (authFlag !== '1') {
    return Response.json({ error: 'Unauthorized' }, { status: 401 });
  }
  return Response.json({ data: 'Protected data' });
}
protectedRoutes: [
'/dashboard', // Exact match or any sub-path
'/profile', // /profile, /profile/edit, etc.
'/settings',
];
protectedRoutes: [
// A pattern without a trailing boundary matches more than the sub-tree:
// /^\/admin/ also matches /administrator.
/^\/admin/, // All /admin/* routes
// Only takes effect if the matcher lets /api paths reach the middleware.
/^\/api\/user/, // All /api/user/* routes
/\/private$/, // Any route ending with /private
];
{
protectedRoutes: ['/'], // Protect everything
// NOTE(review): public routes take precedence. If the string '/' is matched
// as "exact match or any sub-path" here as well, it covers every path and
// nothing stays protected; confirm how the library treats '/', or use the
// exact-match pattern /^\/$/ for the root.
publicRoutes: ['/', '/about'], // Except these
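}
Use the matcher to exclude static assets and API routes. Paths the matcher excludes never reach the middleware, so any route under /api that needs protection must either check authentication itself or be left in the matcher: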
export const config = {
matcher: [
/*
* Match all request paths except:
* - api (all API routes; none of them is checked by the middleware)
* - _next/static (static files)
* - _next/image (image optimization)
* - favicon.ico (favicon file)
*/
'/((?!api|_next/static|_next/image|favicon.ico).*)',
],
};
// Variant: only api/auth is skipped, so every other /api route still passes
// through the middleware and can be listed in protectedRoutes.
export const config = {
matcher: ['/((?!api/auth|_next/static|_next/image|favicon.ico).*)'],
};
// middleware.ts
import { createAuthMiddleware } from 'authsafe-nextjs/server';
// AuthSafe client settings, read from the environment.
const authConfig = {
  clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
  domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
};
// Application areas that require a signed-in user.
const protectedRoutes = [
  /^\/dashboard/,
  /^\/workspace/,
  /^\/settings/,
  /^\/org\/.+\/admin/, // Organization admin pages
];
// Marketing and documentation paths served without authentication.
const publicRoutes = ['/', '/pricing', '/features', /^\/blog/, /^\/docs/];

export default createAuthMiddleware({
  authConfig,
  protectedRoutes,
  publicRoutes,
  signInUrl: '/signin',
  // Log each redirect of an unauthenticated request to the sign-in page.
  beforeRedirect: async (req) => {
    console.log(`[Auth] Redirecting ${req.nextUrl.pathname} to signin`);
  },
});

// Paths that start with /api/auth, /_next, /favicon.ico or /public skip the
// middleware. The "public" alternative is a plain prefix, so it also skips
// paths such as /publications.
export const config = {
  matcher: ['/((?!api/auth|_next|favicon.ico|public).*)'],
};
// middleware.ts
import { createAuthMiddleware } from 'authsafe-nextjs/server';
// AuthSafe client settings, read from the environment.
const authConfig = {
  clientId: process.env.NEXT_PUBLIC_AUTHSAFE_CLIENT_ID!,
  domain: process.env.NEXT_PUBLIC_AUTHSAFE_DOMAIN!,
};
// Sections that require a signed-in user; string routes cover their sub-paths.
const protectedRoutes = [
  '/app', // Main app
  '/billing', // Billing pages
  '/team', // Team management
  '/integrations', // Integrations
];
// Paths served without authentication; these take precedence over protectedRoutes.
const publicRoutes = ['/', '/pricing', '/about', '/contact', /^\/blog/, /^\/help/];

export default createAuthMiddleware({
  authConfig,
  protectedRoutes,
  publicRoutes,
  // Unauthenticated requests to a protected route are redirected here.
  signInUrl: '/login',
});
export const config = {
matcher: [
// Besides api/auth and the Next.js asset paths, this skips every path that
// contains a dot followed by one of the listed image extensions; the
// lookahead is not anchored to the end of the path.
// NOTE(review): confirm that no application route under a protected prefix
// can contain such a suffix, because that request would never reach the
// middleware.
'/((?!api/auth|_next/static|_next/image|favicon.ico|.*\\.(?:jpg|jpeg|png|gif|svg|webp)).*)',
],
};
Use beforeRedirect for security monitoring.
Check that the matcher config is correct:
// With this matcher no path that starts with /api reaches the middleware,
// which includes the /api/auth/signin URL used below.
export const config = {
matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
};
// Option 1: protect specific routes only; the sign-in URL is not among them.
// Presumably this avoids redirecting the sign-in page to itself; confirm.
{
protectedRoutes: ['/dashboard'],
signInUrl: '/api/auth/signin', // ✅ Not protected
}
// Option 2: protect everything and list the sign-in URL as public.
// NOTE(review): any other endpoint the sign-in flow depends on has to be
// reachable without a session as well; verify against the library's routes.
{
protectedRoutes: ['/'],
publicRoutes: ['/api/auth/signin'], // ✅ Explicitly public
signInUrl: '/api/auth/signin',
}