Added Private Route Array

README.md

@@ -140,18 +140,25 @@ import { authMiddleware } from '@descope/nextjs-sdk/server'
 export default authMiddleware({
 	// The Descope project ID to use for authentication
 	// Defaults to process.env.DESCOPE_PROJECT_ID
-	projectId: 'your-descope-project-id'
+	projectId: 'your-descope-project-id',
 
 	// The URL to redirect to if the user is not authenticated
 	// Defaults to process.env.SIGN_IN_ROUTE or '/sign-in' if not provided
 	// NOTE: In case it contains query parameters that exist in the original URL, they will override the original query parameters. e.g. if the original URL is /page?param1=1&param2=2 and the redirect URL is /sign-in?param1=3, the final redirect URL will be /sign-in?param1=3&param2=2
-	redirectUrl?: string
+	redirectUrl?: string,
 
 	// An array of public routes that do not require authentication
+	// All routes are private by default, this is where you will defined which routes are public.
 	// In addition to the default public routes:
 	// - process.env.SIGN_IN_ROUTE or /sign-in if not provided
 	// - process.env.SIGN_UP_ROUTE or /sign-up if not provided
-	publicRoutes?: string[]
+	publicRoutes?: string[],
+
+	// An array of private routes that require authentication
+	// If this is defined, then the default behavior of all routes being private will be changed, and all routes will be public by default. Private routes will therefore have to be controlled by this array
+	privateRoutes?: string[],
+
+	// If you having privateRoutes and publicRoutes defined at the same time, privateRoutes by default will be ignored.
 })
 
 export const config = {

src/server/authMiddleware.ts

@@ -19,13 +19,22 @@
 	// Defaults to process.env.SIGN_IN_ROUTE or '/sign-in' if not provided
 	// NOTE: In case it contains query parameters that exist in the original URL, they will override the original query parameters. e.g. if the original URL is /page?param1=1&param2=2 and the redirect URL is /sign-in?param1=3, the final redirect URL will be /sign-in?param1=3&param2=2
 	redirectUrl?: string;
-
-	// An array of public routes that do not require authentication
-	// In addition to the default public routes:
-	// - process.env.SIGN_IN_ROUTE or /sign-in if not provided
-	// - process.env.SIGN_UP_ROUTE or /sign-up if not provided
-	publicRoutes?: string[];
-};
+} & (
+	| {
+			// An array of public routes that do not require authentication
+			// In addition to the default public routes:
+			// - process.env.SIGN_IN_ROUTE or /sign-in if not provided
+			// - process.env.SIGN_UP_ROUTE or /sign-up if not provided
+			publicRoutes?: string[];
+			privateRoutes?: never;
+	  }
+	| {
+			publicRoutes?: never;
+			// An array of private routes that require authentication
+			// If privateRoutes is defined, routes not listed in this array will default to public routes
+			privateRoutes?: string[];
+	  }
+);
 
 const getSessionJwt = (req: NextRequest): string | undefined => {
 	let jwt = req.headers?.get('Authorization')?.split(' ')[1];
@@ -46,7 +55,19 @@
 	);
 	const isPublic = options.publicRoutes?.includes(req.nextUrl.pathname);
 
-	return isDefaultPublicRoute || isPublic;
+	// If both publicRoutes and privateRoutes are provided, we prioritize publicRoutes
+	if (options.publicRoutes && options.privateRoutes) {
+		return isDefaultPublicRoute || isPublic;
+	}
+
+	// If only publicRoutes are provided
+	if (options.publicRoutes) {
+		return isDefaultPublicRoute || isPublic;
+	}
+
+	// If only privateRoutes are provided
+	const isPrivate = options.privateRoutes?.includes(req.nextUrl.pathname);
+	return isDefaultPublicRoute || !isPrivate;
 };
 
 const addSessionToHeadersIfExists = (
@@ -72,6 +93,13 @@
 	async (req: NextRequest) => {
 		console.debug('Auth middleware starts');
 
+		if (options.publicRoutes && options.privateRoutes) {
+			console.warn(
+				'Both publicRoutes and privateRoutes are defined. Ignoring privateRoutes.'
+			);
+			options.privateRoutes = undefined;
+		}
+
 		const jwt = getSessionJwt(req);
 
 		// check if the user is authenticated