DEV Community

Cover image for Building a middleware with Nextjs
Candie
Candie

Posted on

Building a middleware with Nextjs

In this short article, i will be writing about how to build a middleware with nextjs.

I recently built a full blown backend service with nextjs, and i was really blown away with how far gone nextjs is.

You need to have basic knowledge of javascript and nodejs to follow this article.

To get started, you need to

1. Create a nextjs project from your terminal using the command below

npx create-next-app@latest
Enter fullscreen mode Exit fullscreen mode

After running this command, you will get some prompt to configure your project, do that.

After creating the project,

2. Install necessary dependencies by running npm install in your terminal

We will be installing just one package library for authentication, which is jose, an alternative could have been jsonwebtoken, but nextjs middleware runs on the browser, so the edge runtime doesn't implement a bunch of Node.js APIs

3. Start your project in development mode using the command below
npm run dev

4. Create a middleware.js file
Create a middleware.js file at the root of your project, if you're using the /src directory, create the file inside the /src directory

5. Export a middleware function from the file

// /middleware.js

export const middleware = async (req) => {
   try {
   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

6. Extract token from request header

// /middleware.js

import { NextResponse } from 'next/server'

export const middleware = async (req) => {
   try {
    const header = req.headers.get('authorization');
        if(!header) return NextResponse.json({
             status:'error'
             statusCode: 400,
             message:'unauthenticated'
         })

   const token = header.split(" ")[1];
        if(!token) return NextResponse.json({
             status:'error'
             statusCode: 401,
             message:'You are not logged in'
         })
   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

7. Verify the token using jose

// /middleware.js

import { NextResponse } from 'next/server';
import * as jose from 'jose'

export const middleware = async (req) => {
   try {
    const header = req.headers.get('authorization');
        if(!header) return NextResponse.json({
             status:'error'
             statusCode: 400,
             message:'unauthenticated'
         })

   const token = header.split(" ")[1];
        if(!token) return NextResponse.json({
             status:'error'
             statusCode: 401,
             message:'You are not logged in'
         })
    const { payload } = await jose.jwtVerify(
      token,
      new TextEncoder().encode(process.env.NEXT_PUBLIC_JWT_KEY)
    );

// your encoded data will be inside the payload object.

   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

8. Extract data from verified token and set it in the request header

// /middleware.js

import { NextResponse } from 'next/server';
import * as jose from 'jose'

export const middleware = async (req) => {
   try {
    const header = req.headers.get('authorization');
        if(!header) return NextResponse.json({
             status:'error'
             statusCode: 400,
             message:'unauthenticated'
         })

   const token = header.split(" ")[1];
        if(!token) return NextResponse.json({
             status:'error'
             statusCode: 401,
             message:'You are not logged in'
         })
    const { payload } = await jose.jwtVerify(
      token,
      new TextEncoder().encode(process.env.NEXT_PUBLIC_JWT_KEY)
    );

    const requestHeaders = new Headers(req.headers)
    requestHeaders.set('user', payload.id)
   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

9. Call the next() function and pass the updated request header

// /middleware.js

import { NextResponse } from 'next/server';
import * as jose from 'jose'

export const middleware = async (req) => {
   try {
    const header = req.headers.get('authorization');
        if(!header) return NextResponse.json({
             status:'error'
             statusCode: 400,
             message:'unauthenticated'
         })

   const token = header.split(" ")[1];
        if(!token) return NextResponse.json({
             status:'error'
             statusCode: 401,
             message:'You are not logged in'
         })
    const { payload } = await jose.jwtVerify(
      token,
      new TextEncoder().encode(process.env.NEXT_PUBLIC_JWT_KEY)
    );

    const requestHeaders = new Headers(req.headers)
    requestHeaders.set('user', payload.id)

    return NextResponse.next({
               request: {
                headers: requestHeaders
               } 
    })
   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

10. Finally, you need to export a config object from the middleware file that contains configurations about the routes you want to protect.

// /middleware.js

import { NextResponse } from 'next/server';
import * as jose from 'jose'

export const config = {
  matcher:[
   // contain list of routes you want to protect, e.g /api/users/:path*
]
}

export const middleware = async (req) => {
   try {
    const header = req.headers.get('authorization');
        if(!header) return NextResponse.json({
             status:'error'
             statusCode: 400,
             message:'unauthenticated'
         })

   const token = header.split(" ")[1];
        if(!token) return NextResponse.json({
             status:'error'
             statusCode: 401,
             message:'You are not logged in'
         })
    const { payload } = await jose.jwtVerify(
      token,
      new TextEncoder().encode(process.env.NEXT_PUBLIC_JWT_KEY)
    );

    const requestHeaders = new Headers(req.headers)
    requestHeaders.set('user', payload.id)

    return NextResponse.next({
               request: {
                headers: requestHeaders
               } 
    })
   } catch(error){
   console.log(error)
   }
}

Enter fullscreen mode Exit fullscreen mode

I hope you find this 10 steps helpful, let me know what you think about this method in the comment section, and feel free to share if a better way to achieve this too.

Thank you.

Top comments (0)