---
title: "Proxy (route protection)"
status: active
audience: [ai-agent, contributor]
language: nl
last_updated: 2026-05-08
when_to_read: "When adding or modifying route-level access control in proxy.ts."
---

# Patroon: Proxy (route protection)

In Next.js 16 hernoemd van `middleware.ts` naar `proxy.ts`, functienaam van `middleware` naar `proxy`.

```ts
// proxy.ts
import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
import { sessionOptions } from '@/lib/session'

const protectedRoutes = [
  '/dashboard',
  '/products',
  '/ideas',
  '/solo',
  '/jobs',
  '/insights',
  '/manual',
  '/settings',
]
const authRoutes = ['/login', '/register']

export function proxy(request: NextRequest) {
  const path = request.nextUrl.pathname
  const isProtected = protectedRoutes.some(r => path.startsWith(r))
  const isAuthRoute = authRoutes.some(r => path.startsWith(r))

  // Cookie-aanwezigheid controleren — volledige sessievalidatie in layout.tsx
  const hasSession = !!request.cookies.get(sessionOptions.cookieName)?.value

  if (isProtected && !hasSession) {
    return NextResponse.redirect(new URL('/login', request.url))
  }
  if (isAuthRoute && hasSession) {
    return NextResponse.redirect(new URL('/dashboard', request.url))
  }

  return NextResponse.next()
}

export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
}
```