/ route does not go through middleware
Unanswered
Rough Collie posted this in #help-forum
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Rough CollieOP
I am using nextauth withauth middleware, and my static pages don't go through the middleware.
I am deploying using sst.
The effect is that you don't need to be loggedIn to access protected pages.
Any ideas where to look at?
Am i missing something, and in fact you can't have static pages protected?
App Router Next 13.5.4
"next": "^13.5.4",
"next-auth": "^4.24.5",
"sst": "2.36.7",
This is my middleware.
I am deploying using sst.
The effect is that you don't need to be loggedIn to access protected pages.
Any ideas where to look at?
Am i missing something, and in fact you can't have static pages protected?
App Router Next 13.5.4
"next": "^13.5.4",
"next-auth": "^4.24.5",
"sst": "2.36.7",
This is my middleware.
import { withAuth } from 'next-auth/middleware'
/**
* The whole website is under auth
*/
export default withAuth({
callbacks: {
authorized({ req, token }) {
console.log('🚀 ~ file: middleware.ts:9 ~ authorized ~ token:', token)
// matcher array will be only requires the user to be logged in
return !!token
},
},
pages: {
signIn: '/auth/signin',
},
})
export const config = {
matcher: [
'/',
'/imprint',
'/privacy-policy',
'/terms-and-conditions',
'/about-us',
'/contact-us',
'/dashboard',
'/data-library',
'/data-library/:path*',
'/datasets/:path*',
'/documentation',
'/ethical-oath/:path*',
'/ethics',
'/features',
'/popular-datasets',
'/similar-datasets',
],
}
13 Replies
![Avatar](https://cdn.discordapp.com/avatars/194128415954173952/708a8637ada505b6b7a85972807d9dca.webp?size=256)
Alfonsus Ardani
what are your static pages?
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Rough CollieOP
I don't understand the question.
I am using nextjs 13.5.4, app router
I get this from nextjs on build for them:
â—‹ (Static) automatically rendered as static HTML (uses no initial props)
I am using nextjs 13.5.4, app router
I get this from nextjs on build for them:
â—‹ (Static) automatically rendered as static HTML (uses no initial props)
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Rough CollieOP
More information on my reproduction steps:
Fresh deploy, i go for the first time to my website.com
I am redirected to login
I log in. I logout. I remain on website.com/ page. I am NOT redirected
Refresh. Nothing happens
Fresh deploy, i go for the first time to my website.com
I am redirected to login
I log in. I logout. I remain on website.com/ page. I am NOT redirected
Refresh. Nothing happens
![Avatar](https://cdn.discordapp.com/avatars/194128415954173952/708a8637ada505b6b7a85972807d9dca.webp?size=256)
Alfonsus Ardani
have you tried console.logging insdie your default exports
export default middleware(){
console.log("Hello")
}
and see if your static pages get run through middleware
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Rough CollieOP
'/' goes only the first time, on refresh it does not go through the middleware
same of other pages, if i click on <Link> they don't go through middleware, but if refresh they do ... :/
I am testing this change in my middleware, and until now it seems i get the desired effect, but destroys a cache layer:
I updated next, sst and nextauth to latest version
same of other pages, if i click on <Link> they don't go through middleware, but if refresh they do ... :/
I am testing this change in my middleware, and until now it seems i get the desired effect, but destroys a cache layer:
export default withAuth(
function middleware(req) {
const response = NextResponse.next()
response.headers.set('x-middleware-cache', 'no-cache')
response.headers.set('cache-control', 'no-cache, no-store, must-revalidate')
return response
})
I updated next, sst and nextauth to latest version
![Avatar](https://cdn.discordapp.com/avatars/743561772069421169/3c5d689eee4459a24fc420063411c016.webp?size=256)
Ray
try add this to the buildComment in your NextjsSite construct
"npx open-next@latest build"
![Avatar](https://cdn.discordapp.com/embed/avatars/0.png)
Five-striped Sparrow
Facing the same issue. I believe, when you load the site for the first time and user is not logged in, <Link > tries to prefetch the which would point to /login because middleware redirected to /login. It keeps serving the /login page even though user is authenticated. In my case, it works after 5 mins, may be because of some cache timeout setting. Did you manage to fix it? I've opened the issue here as well. https://stackoverflow.com/questions/77592464/nextjs-14-middleware-redirect-issue-user-keeps-getting-redirected-to-login-aft?noredirect=1#comment136791232_77592464
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Devon Rex
Facing exactly same issue. Even after session.status is authenticated, my protected page "/dashboard" is not loading and redirected to login page again. But, when I enter /dashboard in address bar, then it loads... Need proper solution.
![Avatar](https://cdn.discordapp.com/avatars/743561772069421169/3c5d689eee4459a24fc420063411c016.webp?size=256)
Ray
well, op use sst with open-next which had issue with middleware <= v2.3.1. are you using with sst too?
![Avatar](https://cdn.discordapp.com/avatars/184479429404262410/a_35db4fb943e84d39bb02d6ec0f1d0b7e.gif?size=256)
DirtyCajunRice | AppDir
1. upgrade next
2. upgrade next-auth to 5.
then let us know if you are still having issues.
2. upgrade next-auth to 5.
then let us know if you are still having issues.
![Avatar](https://cdn.discordapp.com/embed/avatars/3.png)
Devon Rex
No.
You mean next-auth beta? I am working on a production and facing this issue. Is it safe to upgrade to beta releases?