request.locals.* should be sveltekit lol
try

  return NextResponse.next({ headers: {} })

Nextresponse.next({ locals: { userId } }) does not work. request.locals in the route handler comes back as undefined.

there is no locals

Correct, but I want to be able to bind a new property to request to be used in the handler. It's a common pattern

For instance, here's how Express uses locals:
https://expressjs.com/en/5x/api.html#app.locals

are you using custom server with express?

No, I'm using the built in node server with Next with AuthJS. But I think you're missing the point

yeah I don't get it

and I don't think you could do that with next

I think you used to be able to, just not sure on how to do it these days

you may be able to use it with page router but I don't think you can bind the data from middleware

and Im pretty sure you cant do that with app router

Fair enough, was just trying to avoid reaching out to the database to get the user twice

rather than just verifying and getting in middleware then binding to request, then accessing that property in the API route

yeah, most people trying to avoid that but we're still not able to find away

you could pass some information with header tho

yeah, thought about that. just seems a bit hacky

you might be interested in this [discussion](https://github.com/vercel/next.js/discussions/63775)

That discussion seems to be around frontend such as layouts and components. I'm talking about route handlers

for route handler, why would you need to hit the middlware first?

to have guarded routes?

just do that inside

You've missed the point again

I want to get access to the currently authenticated user without querying the database twice

This only gives you access to the user while within the middleware scope, not within the request handler?

well but we can't do that yet

That's my point

middleware should be handling redirection

I don't think a route handler would need redirection

Exactlyyyy

and nextjs is focused on serverless platform, middleware is running on edge runtime

the middleware protects a group of API routes against unauthenticated users. but what if i need access to the current user's ID for database operations from within the route?

I'm not sure you're quite understanding what you're talking about

I don't think you need middleware for route handler

that would mean putting middleware on many-many routes

single source of truth would say to put it in one place and have it waterfall down

wait, i misread

why wouldn't i need to guard my API routes?

if say, i'm updating user details, i need to protect my routes so we know which user to update?

and to stop other users from updating anyone

why would you need to guard the api route in middleware?

huh

I mean just handle it in the api route

HUHU

nevermind

my fella, just leave it here