AgentSkillsCN

managing-advanced-middleware

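Use advanced middleware logic to strengthen security and routing control. It enables global rate limiting, the addition of security headers, and comprehensive protection of admin routes.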

SKILL.md
--- frontmatter
name: managing-advanced-middleware
description: Advanced middleware logic for security and routing. Use for global rate limiting, security headers, and protection of admin routes.

Advanced Middleware and Security Logic

When to use this skill

  • Implementing site-wide security measures.
  • Protecting sensitive routes like /admin/* or /dashboard/*.
  • Injecting nonces or CSP headers.

Workflow

  • Create middleware.ts in the root (Next.js 15).
  • Define config.matcher to specify target routes.
  • Implement checks (Auth check, Rate limit, CSP).

Code Pattern (CSP Header)

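```typescript
import { NextRequest, NextResponse } from 'next/server';

export function middleware(request: NextRequest) {
    // Fresh nonce for every request; never reuse one across responses.
    const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
    const csp = `default-src 'self'; script-src 'self' 'nonce-${nonce}';`;

    // Forward the nonce and policy on the request so the renderer can
    // apply the nonce to the scripts it emits.
    const requestHeaders = new Headers(request.headers);
    requestHeaders.set('x-nonce', nonce);
    requestHeaders.set('Content-Security-Policy', csp);

    const response = NextResponse.next({ request: { headers: requestHeaders } });
    response.headers.set('Content-Security-Policy', csp);
    return response;
}
```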

Instructions

  • Performance: Keep middleware logic lightweight to avoid slowing down every request.
  • Auth: Appwrite sessions are stored in cookies; middleware can check for the presence of these cookies for simple protection.
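
The route matching, auth check and rate limit from the Workflow, as an added example that is not part of the original skill: framework-free decision logic that a `middleware.ts` could call with the request path, `Cookie` header and a client key. The cookie name `a_session_PROJECT_ID`, the `/login` target, the limits and all function names are assumptions.

```typescript
// Added example. SESSION_COOKIE is a placeholder; use the cookie name your Appwrite setup issues.
const SESSION_COOKIE = 'a_session_PROJECT_ID';
const PROTECTED_PREFIXES = ['/admin', '/dashboard'];
const WINDOW_MS = 60_000; // assumed rate-limit window
const MAX_REQUESTS = 5;   // assumed limit per window (small for the demo)

type Decision = { action: 'next' | 'redirect' | 'reject'; status: number; location?: string };

// Per-process state: every server or edge instance keeps its own counters.
const hits = new Map<string, { windowStart: number; count: number }>();

// Matches "/admin" and "/admin/..." but not "/administrator".
function isProtected(pathname: string): boolean {
  return PROTECTED_PREFIXES.some((p) => pathname === p || pathname.startsWith(p + '/'));
}

// Presence check only: the cookie value is not verified here.
function hasSessionCookie(cookieHeader: string | null): boolean {
  if (!cookieHeader) return false;
  return cookieHeader.split(';').some((pair) => {
    const eq = pair.indexOf('=');
    return eq > 0 && pair.slice(0, eq).trim() === SESSION_COOKIE && pair.slice(eq + 1).trim() !== '';
  });
}

// Fixed-window counter keyed by client (for example the forwarded client IP).
function overLimit(clientKey: string, now: number): boolean {
  const entry = hits.get(clientKey);
  if (!entry || now - entry.windowStart >= WINDOW_MS) {
    hits.set(clientKey, { windowStart: now, count: 1 });
    return false;
  }
  entry.count += 1;
  return entry.count > MAX_REQUESTS;
}

// Cheap checks in order: rate limit first, then the cookie gate on protected routes.
function decide(pathname: string, cookieHeader: string | null, clientKey: string, now: number): Decision {
  if (overLimit(clientKey, now)) return { action: 'reject', status: 429 };
  if (isProtected(pathname) && !hasSessionCookie(cookieHeader)) {
    return { action: 'redirect', status: 307, location: '/login' };
  }
  return { action: 'next', status: 200 };
}
```

The cookie gate only turns away requests with no session cookie at all; the route handler behind it still has to validate the session with Appwrite, because any client can send a cookie with that name.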