Suggestions for auth middleware.
Unanswered
Brown bear posted this in #help-forum
Brown bearOP
I am using NextAuth for authentication but I need some suggestions about best practices.
This is my config for the middleware. So the middleware will invoke for all the routes. I created an array that contains all the public routes.
First, I am checking if the route is public route then user can visit without login. But all routes other than public routes are protected by middleware, so a user cannot view any other than public routes without login. But if user tries to visit a non-existing route the middleware will redirect the user in signin page instead of 404 page. User needs to log in to view this page is existing or not.
I want to know what best practices are.
export const config = {
matcher: ['/((?!.+\\.[\\w]+$|_next).*)', '/', '/(api|trpc)(.*)'],
};This is my config for the middleware. So the middleware will invoke for all the routes. I created an array that contains all the public routes.
First, I am checking if the route is public route then user can visit without login. But all routes other than public routes are protected by middleware, so a user cannot view any other than public routes without login. But if user tries to visit a non-existing route the middleware will redirect the user in signin page instead of 404 page. User needs to log in to view this page is existing or not.
I want to know what best practices are.