Advanced Middleware and Security Logic
When to use this skill
- •Implementing site-wide security measures.
- •Protecting sensitive routes like
/admin/*or/dashboard/*. - •Injecting nonces or CSP headers.
Workflow
- • Create
middleware.tsin the root (Next.js 15). - • Define
config.matcherto specify target routes. - • Implement checks (Auth check, Rate limit, CSP).
Code Pattern (CSP Header)
typescript
import { NextResponse } from 'next/server';
export function middleware(request: Request) {
const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
const csp = `default-src 'self'; script-src 'self' 'nonce-${nonce}';`;
const response = NextResponse.next();
response.headers.set('Content-Security-Policy', csp);
return response;
}
Instructions
- •Performance: Keep middleware logic lightweight to avoid slowing down every request.
- •Auth: Appwrite sessions are stored in cookies; middleware can check for the presence of these cookies for simple protection.