Protected routes using Next.js Edge Middleware & Supabase

Published in

Udacity Eng & Data

2 min readJul 19, 2022

Intro

Next.js now provides middleware functionality, allowing us to execute code before a request is processed — at the edge. We can inspect the request coming from the client, and modify the response. We’ll make use of this to check for a cookie on protected routes, and redirect if the client doesn’t contain the cookie. Handling the redirect at the edge, rather than the client, improves the user experience by preventing protected content from being delivered to the client, which prevents flashes of content, client side redirects, and improves performance.

Step 1: Setting the cookie

I’ll be using Supabase, but the concepts are the same regardless of your auth provider. The first step is to set an auth cookie. Supabase makes this easy by providing a way to listen for auth changes, and a function for setting the cookie. Setting the cookie needs to happen on the server, so we’ll make use of a Next.js api route.

First, add the above code to start listening for auth changes. When the user signs in, or signs out, we will make a request to an endpoint that will add or remove the cookie. We need to send the Supabase Session, and Event in the body of our request.

Supabase makes setting the cookie impressively clean. We just give it the req and res, and it handles the rest.

Step 2: Checking for the cookie in middleware

The last step is to check for the cookie in our middleware. Next.js makes this very simple, just add a file named middleware.ts (or .js), in the same directory that your pages directory exists.

The above code checks if the client is requesting the /dashboard page, and if it is we check if a cookie named sb-access-tokenexists. If it doesn’t we redirect the user to the home page. ezpz.

Conclusion

Supabase and Next.js make protecting routes at the edge effortless. I’m really excited about the current edge-boom that the web is going through. It allows us to create better UX solutions, and is a huge win for performance. If you want to keep up with the latest in webdev make sure to follow me here and on Twitter @Kolbysisk. 🙏

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Try for $5/month

Front End Development

Published in Udacity Eng & Data

2.2K Followers

Last published Jan 10, 2025

from the engineers and data scientists building Udacity

Written by Kolby Sisk

1.3K Followers

189 Following

Builder of software with a passion for learning. I specialize in web development and user experience design. www.kolbysisk.com

Responses (3)

Write a response

What are your thoughts?

Also publish to my profile

Thiago Mendonça

Feb 17, 2023

Very good!! But...
If the user is clever, he can create a cookie with the name "sb-access-token" by DevTools, for example, and have access to his system. As only the name of the cookie is checked, not validating its content.

Șener Ali

Aug 4, 2023

Kolby, your article rocks! 🚀 Explaining Next.js edge middleware and Supabase for protected routes is genius. Your clear guide makes it easy to implement and enhance user experience while boosting performance. Excited about the web's edge-boom! Following you for more insights. Thanks! 🙏💻

Kasun Vithanage

Feb 16, 2023

What if cookie is expired?

More from Kolby Sisk and Udacity Eng & Data

Handling errors like a pro in TypeScript

Udacity Eng & Data

Kolby Sisk

Handling errors like a pro in TypeScript

Error handling is crucial to the longevity of any project. Learn the design pattern I use to handle errors and write cleaner code.

Dec 21, 2022

Mastering forms in Next.js 15 and React 19

Udacity Eng & Data

Kolby Sisk

Mastering forms in Next.js 15 and React 19

Creating forms in modern React has evolved significantly with the latest releases. In this post we’ll explore best practices for building…

Jan 10

High Performance ELK with Kubernetes: Part 1

Udacity Eng & Data

Jesse Swidler

High Performance ELK with Kubernetes: Part 1

Set up Elasticsearch and Kibana in a Kubernetes cluster

Aug 7, 2018

Sorting imports on save in React projects with ESLint.

Udacity Eng & Data

Kolby Sisk

Sorting imports on save in React projects with ESLint.

Figuring out how to automatically sort imports on save was much harder than I’d like to admit. Maybe it’s because I’m particularly picky…

Dec 3, 2021

See all from Kolby Sisk

See all from Udacity Eng & Data

Recommended from Medium

FAUN — Developer Community 🐾

Niraj M. Rajgor

From Setup to Execution: The Most Accurate TanStack Query and Next.js 14+ Integration Guide

Discover a precise, end-to-end approach to TanStack/React Query and Next.js 14+ integration, built on personal experience and designed to…

Nov 19, 2024

Replacing Server Actions in Next.js: A Deep Dive into TanStack Query

JavaScript in Plain English

Jagadhiswaran D

Replacing Server Actions in Next.js: A Deep Dive into TanStack Query

Exploring TanStack Query as an Efficient Alternative for Data Fetching, Caching, and State Management in Next.js Applications

Feb 17

Lists

General Coding Knowledge

20 stories1933 saves

Stories to Help You Grow as a Software Developer

19 stories1616 saves

Coding & Development

11 stories1022 saves

ChatGPT

21 stories984 saves

Optimizing Performance and Flexibility in Next.js

Ademyalcin

Optimizing Performance and Flexibility in Next.js

Next.js 15 brings significant changes to its core framework, optimizing both performance and flexibility for developers building…

Oct 22, 2024

How I Made My Next.js App Load 10x Faster (And You Can Too)

Sanjeevani Bhandari

How I Made My Next.js App Load 10x Faster (And You Can Too)

The Performance Hacks No One Told You About (Until Now)

Feb 25

Setting up Next.js with Prisma & PostgreSQL

Daminda Dinesh Imaduwa Gamage

Setting up Next.js with Prisma & PostgreSQL

An Introductory Guide to Integrating Next.js, Prisma, and PostgreSQL for Beginners

Sep 14, 2024

Ankit

Debugging Performance Issues in Next.js Apps: Tools and Techniques

Struggling with slow Next.js apps? 🚀 Learn how to debug performance issues with essential tools and proven techniques.

Dec 15, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams