API Auth Middleware
Component Detail
Infrastructure, high complexity, backend
Dependencies: 1
Dependents: 1
Entities: 3
Integrations: 0
Description
Next.js middleware that enforces JWT-based authentication on all protected /api/v1/... routes and HTTP-only cookie session verification on /admin/... routes. Runs before every route handler on the server, extracts and validates tokens, and attaches the decoded user identity and role to the request context so downstream handlers can perform authorization checks.
api-auth-middleware
Responsibilities
- Validate JWT Bearer tokens on all protected mobile API routes
- Verify HTTP-only session cookies for admin panel routes
- Reject unauthenticated requests with 401 before reaching handlers
- Attach decoded user ID, organization ID, and role to request context
- Enforce route-level role requirements (e.g., admin-only endpoints)
Interfaces
- middleware(request: NextRequest)
- verifyBearerToken(authHeader)
- verifySessionCookie(cookies)
- extractUserContext(decodedToken)
- requireRole(role)
- isProtectedRoute(pathname)
- isAdminRoute(pathname)
- buildUnauthorizedResponse(message)
- config.matcher
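A framework-free sketch of the Bearer-token path through these interfaces, added here as an example; it is not this component's own code. It assumes HS256 with a shared secret, claim names `sub`, `org` and `role`, and a 403 for a failed role check; `authorize` and `signToken` are hypothetical helpers, and the admin cookie path is left out.

```javascript
// Added example: names follow the Interfaces list; every body is an assumption.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HS256 with a shared secret
const b64url = (v) => Buffer.from(v).toString("base64url");
const isProtectedRoute = (pathname) => pathname.startsWith("/api/v1/");

// Hypothetical helper so the sample tokens can be constructed offline.
function signToken(claims, header = { alg: "HS256", typ: "JWT" }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${crypto.createHmac("sha256", SECRET).update(body).digest("base64url")}`;
}

// Returns the decoded claims, or null on any failure (the caller answers 401).
function verifyBearerToken(authHeader, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return null;
  try {
    const header = JSON.parse(Buffer.from(m[1], "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm, ignore the token's own choice
    const expected = crypto.createHmac("sha256", SECRET).update(`${m[1]}.${m[2]}`).digest();
    const given = Buffer.from(m[3], "base64url");
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(m[2], "base64url").toString());
    // A token without a numeric, unexpired exp is rejected.
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Assumed claim names: sub, org, role.
const extractUserContext = (t) => ({ userId: t.sub, organizationId: t.org, role: t.role });
const requireRole = (role) => (ctx) => ctx.role === role;

// Hypothetical stand-in for middleware(request): returns the decision only.
function authorize(pathname, authHeader, neededRole, now) {
  if (!isProtectedRoute(pathname)) return { status: 200, user: null }; // not covered here
  const claims = verifyBearerToken(authHeader, now);
  if (!claims) return { status: 401, user: null }; // rejected before any handler runs
  const user = extractUserContext(claims);
  if (neededRole && !requireRole(neededRole)(user)) return { status: 403, user };
  return { status: 200, user }; // user is what downstream handlers would read
}
```

The role check only runs on a context built from verified claims, so a token with an edited payload or an unexpected `alg` never reaches it.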
Relationships
Related Data Entities (3)
Data entities managed by this component