How to protect route handler in nextJS v14 app dir

rationem · November 17, 2023, 7:32am

Hi,

On upgrading from pages router to app router I can no longer use the below in route.ts
export default withApiAuthRequired(....
NextJs is expecting a named export of GET, POST, PUT, PATCH, or DELETE.

How do I protect the route handler and get the session id. I expected an unauthorised error from the route handler if the user is not logged in

Thanks

eNBee · November 17, 2023, 10:20am

Why don’t you use the middleware protection?

middleware.ts - in your project route:

import { withMiddlewareAuthRequired } from "@auth0/nextjs-auth0/edge";

export default withMiddlewareAuthRequired();

export const config = {
  matcher: "/dashboard/:path*",
};

rationem · November 17, 2023, 6:19pm

The issue is that under app router the route handler called from Client only page has a directory with a file called route.ts. This can be called with by entering the path in web browser. NextJs requires the file to have named export following as the rest directives - GET, POST etc

Topic		Replies	Views
getSession unable to authenticate user in NextJS server-side Help nextjs-auth0 , sdks-quickstarts	3	2595	December 20, 2023
Next.js SDK How to keep route handler on another route than /api/auth? Help nextjs-auth0 , sdks-quickstarts	1	579	January 11, 2024
Can't authenticate Nextjs 13 (app router) api routes using the Auth0 withMiddlewareAuthRequired Help login-experience , new-universal-login-experience	0	951	December 10, 2023
Nextjs-auth0 use withMiddlewareAuthRequired() within a middleware function? Help configuration , application	1	1869	April 25, 2024
Protect Page Route in NextJS Help auth0 , nextjs	4	6324	August 15, 2020

How to protect route handler in nextJS v14 app dir

Related topics