fix: remove nextjs auth middleware and provide a guide instead (#346)

2025-12-09 20:27:44 +00:00 · 2024-10-26 16:46:08 +03:00
parent 8a751b8524
commit d4c4c0b9e9
3 changed files with 39 additions and 103 deletions
--- a/demo/nextjs/middleware.ts
+++ b/demo/nextjs/middleware.ts
@@ -1,17 +1,22 @@
-import { authMiddleware } from "better-auth/next-js";
-import { NextResponse } from "next/server";
-import { auth } from "@/lib/auth";
+import { client } from "@/lib/auth-client";
+import { NextRequest, NextResponse } from "next/server";

-export default authMiddleware({
-	customRedirect: async (session, request) => {
-		const baseURL = request.nextUrl.origin;
-		if (request.nextUrl.pathname === "/dashboard" && !session) {
-			return NextResponse.redirect(new URL("/sign-in", baseURL));
-		}
-		return NextResponse.next();
+export default async function authMiddleware(request: NextRequest) {
+	const { data: session } = await client.getSession({
+		fetchOptions: {
+			headers: {
+				//get the cookie from the request
+				cookie: request.headers.get("cookie") || "",
+			},
 		},
 	});

+	if (!session) {
+		return NextResponse.redirect(new URL("/", request.url));
+	}
+	return NextResponse.next();
+}
+
 export const config = {
-	matcher: ["/dashboard", "/sign-in"],
+	matcher: ["/dashboard"],
 };
--- a/docs/content/docs/integrations/next.mdx
+++ b/docs/content/docs/integrations/next.mdx
@@ -78,43 +78,33 @@ export async function ServerComponent() {
 }
 ```

-
 ## Middleware

-You can use the `authMiddleware` to protect your routes. It's a wrapper around the Next.js middleware.
+In Next.js, middleware doesn’t have access to many Node APIs, so you can’t use the usual `auth` instance to validate sessions directly. Instead, you can use `authClient` and pass in the request’s cookies to check if a session is valid.

-```ts  title="middleware.ts"s
-import { authMiddleware } from "better-auth/next-js"
-
-export default authMiddleware({
-    redirectTo: "/sign-in" // redirect to this path if the user is not authenticated
-})
-
-export const config = {
-  matcher: ['/dashboard/:path*'],
-}
-```
-
-you can also pass custom redirect function
+Here’s how it looks:

 ```ts
-import { authMiddleware } from "better-auth/next-js";
-import { NextResponse } from "next/server";
+import { authClient } from "@/lib/auth-client";
+import { NextRequest, NextResponse } from "next/server";

-export default authMiddleware({
-	customRedirect: async (session, request) => {
-		const baseURL = request.nextUrl.origin;
-		if (request.nextUrl.pathname === "/sign-in" && session) {
-			return NextResponse.redirect(new URL("/dashboard", baseURL));
-		}
-		if (request.nextUrl.pathname === "/dashboard" && !session) {
-			return NextResponse.redirect(new URL("/sign-in", baseURL));
-		}
-		return NextResponse.next();
+export default async function authMiddleware(request: NextRequest) {
+    const { data: session } = await authClient.getSession({
+        fetchOptions: {
+            headers: {
+                //get the cookie from the request
+                cookie: request.headers.get("cookie") || "",
+            },
        },
    });

+    if (!session) {
+        return NextResponse.redirect(new URL("/", request.url));
+    }
+    return NextResponse.next();
+}
+
 export const config = {
-	matcher: ["/dashboard", "/sign-in"],
+    matcher: ["/dashboard/:path*"],
 };
 ```
--- a/packages/better-auth/src/integrations/next-js.ts
+++ b/packages/better-auth/src/integrations/next-js.ts
@@ -1,9 +1,3 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { Auth } from "../auth";
-import type { Session, User } from "../db/schema";
-import { NextRequest, NextResponse } from "next/server";
-import { env } from "std-env";
-
 export function toNextJsHandler(
 	auth:
 		| {
@@ -19,56 +13,3 @@ export function toNextJsHandler(
 		POST: handler,
 	};
 }
-
-/**
- * Middleware that checks if the user is authenticated.
- * If not, it redirects to the redirectTo URL.
- */
-export function authMiddleware(options: {
-	/**
-	 * The base path of the auth API
-	 * @default "/api/auth"
-	 */
-	basePath?: string;
-	/**
-	 * The URL to redirect to if the user is not authenticated
-	 * @default "/"
-	 */
-	redirectTo?: string;
-	/**
-	 * A custom redirect function
-	 */
-	customRedirect?: (
-		session: {
-			user: User;
-			session: Session;
-		} | null,
-		request: NextRequest,
-	) => Promise<any>;
-}) {
-	return async (request: NextRequest) => {
-		const baseUrl = env.BETTER_AUTH_URL || new URL(request.url).origin;
-		const basePath = options?.basePath || "/api/auth";
-		const fullURL = `${baseUrl}${basePath}/get-session`;
-
-		const res = await betterFetch<{
-			session: Session;
-			user: User;
-		}>(fullURL, {
-			headers: {
-				cookie: request.headers.get("cookie") || "",
-			},
-		}).catch((e) => {
-			return { data: null };
-		});
-
-		const session = res.data || null;
-		if (options.customRedirect) {
-			return options.customRedirect(session, request);
-		}
-		if (!session) {
-			return NextResponse.redirect(new URL(options.redirectTo || "/", baseUrl));
-		}
-		return NextResponse.next();
-	};
-}