Next.js Discord

Discord Forum

/ route does not go through middleware

Unanswered
Rough Collie posted this in #help-forum
Open in Discord
Avatar
Rough CollieOP
I am using nextauth withauth middleware, and my static pages don't go through the middleware.
I am deploying using sst.
The effect is that you don't need to be loggedIn to access protected pages.
Any ideas where to look at?
Am i missing something, and in fact you can't have static pages protected?

App Router Next 13.5.4
"next": "^13.5.4",
"next-auth": "^4.24.5",
"sst": "2.36.7",

This is my middleware.

import { withAuth } from 'next-auth/middleware'

/**
 * The whole website is under auth
 */
export default withAuth({
  callbacks: {
    authorized({ req, token }) {
      console.log('🚀 ~ file: middleware.ts:9 ~ authorized ~ token:', token)
      // matcher array will be only requires the user to be logged in
      return !!token
    },
  },
  pages: {
    signIn: '/auth/signin',
  },
})

export const config = {
  matcher: [
    '/',
    '/imprint',
    '/privacy-policy',
    '/terms-and-conditions',
    '/about-us',
    '/contact-us',
    '/dashboard',
    '/data-library',
    '/data-library/:path*',
    '/datasets/:path*',
    '/documentation',
    '/ethical-oath/:path*',
    '/ethics',
    '/features',
    '/popular-datasets',
    '/similar-datasets',
  ],
}

13 Replies

Avatar
Alfonsus Ardani
what are your static pages?
Avatar
Rough CollieOP
I don't understand the question.
I am using nextjs 13.5.4, app router
I get this from nextjs on build for them:
â—‹ (Static) automatically rendered as static HTML (uses no initial props)
Avatar
Rough CollieOP
More information on my reproduction steps:

Fresh deploy, i go for the first time to my website.com
I am redirected to login
I log in. I logout. I remain on website.com/ page. I am NOT redirected
Refresh. Nothing happens
Avatar
Alfonsus Ardani
have you tried console.logging insdie your default exports
export default middleware(){
  console.log("Hello")
}

and see if your static pages get run through middleware
Avatar
Rough CollieOP
'/' goes only the first time, on refresh it does not go through the middleware
same of other pages, if i click on <Link> they don't go through middleware, but if refresh they do ... :/

I am testing this change in my middleware, and until now it seems i get the desired effect, but destroys a cache layer:
export default withAuth( function middleware(req) { const response = NextResponse.next() response.headers.set('x-middleware-cache', 'no-cache') response.headers.set('cache-control', 'no-cache, no-store, must-revalidate') return response })

I updated next, sst and nextauth to latest version
Avatar
Ray
try add this to the buildComment in your NextjsSite construct "npx open-next@latest build"
Avatar
Five-striped Sparrow
Facing the same issue. I believe, when you load the site for the first time and user is not logged in, <Link > tries to prefetch the which would point to /login because middleware redirected to /login. It keeps serving the /login page even though user is authenticated. In my case, it works after 5 mins, may be because of some cache timeout setting. Did you manage to fix it? I've opened the issue here as well. https://stackoverflow.com/questions/77592464/nextjs-14-middleware-redirect-issue-user-keeps-getting-redirected-to-login-aft?noredirect=1#comment136791232_77592464
Avatar
Devon Rex
Facing exactly same issue. Even after session.status is authenticated, my protected page "/dashboard" is not loading and redirected to login page again. But, when I enter /dashboard in address bar, then it loads... Need proper solution.
Avatar
Ray
well, op use sst with open-next which had issue with middleware <= v2.3.1. are you using with sst too?
Avatar
DirtyCajunRice | AppDir
1. upgrade next
2. upgrade next-auth to 5.
then let us know if you are still having issues.
Avatar
Devon Rex
No.
You mean next-auth beta? I am working on a production and facing this issue. Is it safe to upgrade to beta releases?