You can store it in the header if it related to that

And do next()

@Gordiac don't transfer any data especially auth data from the middleware to the pages. It can be intercepted.. there isn't any server side way to transfer data. The only way being headers which can be read and modified by the client.

It's better to make a resuable function and call that in every page that you need the auth data in

Well , wouldn't this cause a lot of performance loss ? Wouldn't it be more logical to place the regularly reviewed data in jwt instead of examining a user in every request ?

nope actually, basically how you would do auth, is you store basic user data like the id, name etc in a jwt.. and then in every page that needs it, you just decrypt the jwt... it wont reduce much performance + you are trading security for dx and a tiny decrease in speed

its a highly discussed thing on the discord.

Okay, then I have two questions for you now,

Is it possible to define more than one middleware?

and

You mentioned that the data transferred with a middleware can be stolen by attackers, so how is this possible?

it can be viewed + edited quite easily

also no, currently you can only have 1 middleware

Come on, that's bad. 😦

this is how easy it is to see + edit your headers

its just a basic extension and just scroll to the bottom to any network request

you can just have the middleware run on every request to every path, and do early returns / path checking

Then you need to open tokens in the api instead of middleware

Because I will do some additional checks rather than general checks

elaborate

you can just check cookies in any server component

they all have access to cookies and headers via cookies() and headers()