Implement middleware for route protection

Add middleware for route protection based on user session.
2026-04-24 22:12:40 +02:00 · 2026-04-24 22:12:40 +02:00 · 895930a744
commit 895930a744
parent 1d33b1f7dc
1 changed files with 33 additions and 0 deletions
--- a/patterns/middleware.md
+++ b/patterns/middleware.md
@ -0,0 +1,33 @@
+# Patroon: Middleware (route protection)
+
+```ts
+// middleware.ts
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+import { getIronSession } from 'iron-session'
+import { SessionData, sessionOptions } from '@/lib/session'
+
+const protectedRoutes = ['/dashboard', '/products', '/todos', '/settings']
+const authRoutes = ['/login', '/register']
+
+export async function middleware(request: NextRequest) {
+  const response = NextResponse.next()
+  const session = await getIronSession<SessionData>(request.cookies, sessionOptions)
+
+  const isProtected = protectedRoutes.some(r => request.nextUrl.pathname.startsWith(r))
+  const isAuthRoute = authRoutes.some(r => request.nextUrl.pathname.startsWith(r))
+
+  if (isProtected && !session.userId) {
+    return NextResponse.redirect(new URL('/login', request.url))
+  }
+  if (isAuthRoute && session.userId) {
+    return NextResponse.redirect(new URL('/dashboard', request.url))
+  }
+
+  return response
+}
+
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
+}
+```