How to protect route handler in nextJS v14 app dir


On upgrading from pages router to app router I can no longer use the below in route.ts
export default withApiAuthRequired(....
NextJs is expecting a named export of GET, POST, PUT, PATCH, or DELETE.

How do I protect the route handler and get the session id. I expected an unauthorised error from the route handler if the user is not logged in


Why don’t you use the middleware protection?

middleware.ts - in your project route:

import { withMiddlewareAuthRequired } from "@auth0/nextjs-auth0/edge";

export default withMiddlewareAuthRequired();

export const config = {
  matcher: "/dashboard/:path*",

The issue is that under app router the route handler called from Client only page has a directory with a file called route.ts. This can be called with by entering the path in web browser. NextJs requires the file to have named export following as the rest directives - GET, POST etc