[SDK-3554] Next.js Middlware support

[adamjmcgrath]

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

📋 Changes

Added a new withMiddlwareAuthRequired helper, to protect routes using middleware.

To protect all your routes:

// middleware.js
import { withMiddlewareAuthRequired } from '@auth0/nextjs-auth0/middleware';

export default withMiddlewareAuthRequired();

To protect specific routes:

// middleware.js
import { withMiddlewareAuthRequired } from '@auth0/nextjs-auth0/middleware';

export default withMiddlewareAuthRequired();

export const config = {
  matcher: '/about/:path*',
}

For more info see: https://nextjs.org/docs/advanced-features/middleware#matching-paths

To run custom middleware for authenticated users:

// middleware.js
import { withMiddlewareAuthRequired, getSession } from '@auth0/nextjs-auth0/middleware';

export default withMiddlewareAuthRequired(async function middleware(req) {
  const res = NextResponse.next();
  const user = await getSession(req, res);
  res.cookies.set('hl', user.language);
  return res;
});

📎 References

See #525
https://nextjs.org/docs/advanced-features/middleware

🎯 Testing

Run kitchen-sink example app
Visit http://localhost:3000/profile-mw

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Updated
nextjs-auth0	⬜️ Ignored (Inspect)		Sep 13, 2022 at 6:24AM (UTC)

[adamjmcgrath]

New coverage instrumenter c8 doesn't like files with only TS definitions. (was needed because istanbul instrumented code doesn't run on edge-runtime)

[adamjmcgrath]

Joi.binary (Buffer check) doesn't work on Edge MW

[adamjmcgrath]

Whitespace changes from eslint --fix

[Widcket]

LGTM, just a couple minor suggestions.

[Widcket]

Since this is a lone .js file, doesn't it need type defs?

[adamjmcgrath]

hmm, good point - I didn't realise you had to do that. Will fix

[Widcket]

You also have to include the typings file here –otherwise it will not be present in the package because it's not inside src or dist.

[adamjmcgrath]

d'oh, yep - good point 👍

[Widcket]

Sorry, just noticed that the typings file also needs to be included in the files array in the package.json –otherwise it will not be present in the package because it's not inside src or dist.

[Jared-Dev]

Not sure if this is the correct place to put this, but I believe I'm seeing some typing issues with the latest version of Next on the vNext branch.

When using a copy/paste example from the Next docs I'm seeing the below.

[adamjmcgrath]

Hi @Jared-Dev - thanks for testing this out!

Looks like you're using npm link and the version of next installed in Sites/packages/nextjs-auth0 is incompatible with the version installed in Sites/ox-portal/ - if you use npm pack to package the SDK (or install from npm when the beta is available - v soon) you will only have one next dependency so shouldn't run into this problem.

[divmgl]

This is not working as intended for redirects, for some reason. We'll need a test around this as well. See #874.

Suggested change

	return NextResponse.next({ ...res, headers });
	return NextResponse.next({ ...res, headers, status: res.status });

I really am at a loss as to why this is happening, given that ...res should bringing in the status property already... Here's the transpiled version:

                return [
                  2 /*return*/,
                  server_1.NextResponse.next(
                    tslib_1.__assign(tslib_1.__assign({}, res), {
                      headers: headers,
                      status: res.status
                    })
                  )
                ]