Tutorials
Private Pages
At the end of this tutorial, you’ll know how to add new private pages to your application.
Convention
All pages inside
/apps/web/app/app, folder are private by default.All pages inside /apps/web/app/home folder are public by default.
So, if you want to add a new private page to your application, make sure to add it inside
/apps/web/app/app folder.How TurboStack ensures authentication?
We created a NextJS Middleware to ensure that all pages inside app
folder need an authentified user to be available.
Here is the code for our AppMiddleware
:
apps/web/lib/middleware/app.ts
export async function AppMiddleware(req: NextRequest) {
// get the current session from request cookies
const session = (await getToken({
req,
secret: process.env.NEXTAUTH_SECRET,
})) as {
email?: string;
user?: {
id: string;
};
};
// if the session is undefined and the requested url is not public, then redirect to sign-in.
if (!session?.email && !isPublic(req)) {
return NextResponse.redirect(
new URL(
'/sign-in',
req.url
)
)
}
const searchParams = req.nextUrl.searchParams.toString();
const searchParamsString = searchParams.length > 0 ? `?${searchParams}` : "";
const fullPath = `${req.nextUrl.pathname}${searchParamsString}`;
return NextResponse.rewrite(new URL(`/app${fullPath}`, req.url))
}
function isPublic(req: NextRequest) { // <- if you need more public pages, change this function.
return ['/sign-in'].includes(req.nextUrl.pathname)
}