Auth Middleware
Component Detail: Infrastructure, medium complexity, Shared Component, backend
0 Dependencies, 1 Dependents, 22 Entities, 0 Integrations
Description
Next.js middleware layer that intercepts every API request and validates the JWT (signature, expiry and role claims) server-side before the request reaches any route handler. Because it runs ahead of every handler, it is the single point at which role-based data isolation is enforced at the API boundary, so unauthorized access is blocked regardless of any client-side guards.
auth-middleware
Responsibilities
- Intercept all incoming API requests and extract the JWT from the Authorization header
- Validate the JWT signature against the expected algorithm and key, the expiry window, and the role claims on every request
- Reject requests whose token is missing, malformed, badly signed or expired with 401, and requests whose token is valid but lacks the required role or organization scope with 403
- Attach decoded role and organization context to the request object for downstream handlers
Interfaces
middleware(NextRequest req) → NextResponse
validateJwt(String token) → DecodedToken | null
extractRoleClaims(DecodedToken token) → RoleClaims
requireRole(UserRole minimumRole) → MiddlewareFactory
requireOrganizationScope(String orgId) → MiddlewareFactory
rejectUnauthorized(NextResponse res, String reason) → NextResponse
attachClaimsToRequest(NextRequest req, RoleClaims claims) → NextRequest
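The following is an added example, not the project's own middleware, of the decision the responsibilities and interfaces above describe: parse the bearer token, pin the algorithm, verify the signature and validity window, then apply the role and organization checks and map the outcome to 200, 401 or 403. It uses HS256 through Node's built-in crypto so it runs stand-alone; real Next.js middleware executes on the Edge runtime, where a WebCrypto-based library such as jose would perform the same verification. The role hierarchy (member < mentor < admin), the claim names (`sub`, `role`, `orgId`) and the `mintToken` helper are assumptions for the example; the page does not define them.

```typescript
// Added example (not the project's code): the validation and authorization
// decision an API-boundary auth middleware makes for one request. HS256 via
// Node's crypto keeps it stand-alone; Next.js middleware runs on the Edge
// runtime, where a WebCrypto-based library such as jose would do the same job.
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical role hierarchy; the page does not define the UserRole values.
export const ROLE_RANK = { member: 1, mentor: 2, admin: 3 } as const;
export type UserRole = keyof typeof ROLE_RANK;

export interface RoleClaims { sub: string; role: UserRole; orgId: string }
export interface DecodedToken extends RoleClaims { exp: number; nbf?: number }
export interface AuthDecision { status: 200 | 401 | 403; reason?: string; claims?: RoleClaims }

function isUserRole(x: unknown): x is UserRole {
  return typeof x === "string" && Object.prototype.hasOwnProperty.call(ROLE_RANK, x);
}

// Decode one base64url JSON segment; anything that is not a JSON object is rejected.
function decodeJson(segment: string): Record<string, unknown> | null {
  try {
    const v: unknown = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    return typeof v === "object" && v !== null && !Array.isArray(v) ? (v as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

// Returns the decoded claims, or null for anything that is not an HS256 token
// signed with `secret`, inside its validity window, and carrying the claims the
// downstream handlers rely on. Pinning the algorithm first rules out
// `alg: none` and algorithm-confusion tokens before any signature math runs.
export function validateJwt(token: string, secret: string, now: number = Math.floor(Date.now() / 1000)): DecodedToken | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts as [string, string, string];
  const header = decodeJson(h);
  const payload = decodeJson(p);
  if (!header || !payload || header.alg !== "HS256") return null;
  const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  // Length check first: timingSafeEqual throws on mismatched lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const { sub, role, orgId, exp, nbf } = payload;
  if (typeof sub !== "string" || !isUserRole(role) || typeof orgId !== "string") return null;
  if (typeof exp !== "number" || exp <= now) return null;
  const notBefore = typeof nbf === "number" ? nbf : undefined;
  if (nbf !== undefined && notBefore === undefined) return null;
  if (notBefore !== undefined && notBefore > now) return null;
  return { sub, role, orgId, exp, nbf: notBefore };
}

// The middleware decision for one request. 401: the caller could not be
// authenticated (no or malformed header, bad signature, expired token).
// 403: a valid token whose role or organization does not satisfy the route.
// Only a 200 carries claims, which is what attachClaimsToRequest would pass on.
export function authorize(
  authorizationHeader: string | null,
  secret: string,
  route: { minimumRole: UserRole; orgId?: string },
  now?: number,
): AuthDecision {
  if (!authorizationHeader) return { status: 401, reason: "missing Authorization header" };
  const m = /^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(authorizationHeader);
  if (!m) return { status: 401, reason: "malformed bearer token" };
  const decoded = validateJwt(m[1] as string, secret, now);
  if (!decoded) return { status: 401, reason: "invalid or expired token" };
  if (ROLE_RANK[decoded.role] < ROLE_RANK[route.minimumRole]) return { status: 403, reason: "insufficient role" };
  if (route.orgId !== undefined && decoded.orgId !== route.orgId) return { status: 403, reason: "organization scope mismatch" };
  return { status: 200, claims: { sub: decoded.sub, role: decoded.role, orgId: decoded.orgId } };
}

// Test-only minting helper for constructed sample tokens (real tokens come from
// the auth service). `algHeader` lets a test forge a token whose header claims
// a different algorithm while still carrying a correct HMAC, to exercise the pin.
export function mintToken(payload: Record<string, unknown>, secret: string, algHeader = "HS256"): string {
  const enc = (o: unknown) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const h = enc({ alg: algHeader, typ: "JWT" });
  const p = enc(payload);
  const sig = createHmac("sha256", secret).update(`${h}.${p}`).digest().toString("base64url");
  return `${h}.${p}.${sig}`;
}
```

The split between 401 and 403 matters for the downstream handlers and for monitoring: a 401 means the identity was never established, a 403 means a known principal was correctly isolated from data outside its role or organization, so spikes in the two deserve different responses. Note also that the organization scope is compared against the token's own `orgId`, never against anything the client sends in the request body or query string.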
Relationships
Related Data Entities (22): data entities whose API access this component gates
- Activity (20 fields, core)
- Assignment (20 fields, core)
- Auth Token (15 fields, core)
- Badge (15 fields, configuration)
- Caregiver (14 fields, core)
- Contact (17 fields, core)
- Course Enrollment (15 fields, core)
- Document (15 fields, core)
- Event (19 fields, core)
- Event Attendee (11 fields, core)
- External Resource (13 fields, configuration)
- Integration (13 fields, external)
- Local Association (17 fields, core)
- Mentor Program Session (14 fields, core)
- Organization (14 fields, core)
- Recruitment Referral (11 fields, core)
- Region (6 fields, core)
- Role (11 fields, configuration)
- Session (15 fields, core)
- Toolbox Card (13 fields, configuration)
- User (18 fields, core)
- User Organization Role (12 fields, core)