Next.js middleware offers powerful customization for request handling within your application. It allows interception of requests to perform actions like session validation, logging, and caching. However, inefficient middleware implementation can severely impact performance. This guide clarifies middleware functionality and best practices, helping you understand when and how to leverage it effectively.
Next.js middleware comprises functions automatically executed for each incoming request. These functions inspect and modify request data before it reaches your application's routing system. Applications include authentication, logging, and error management. For example, middleware can validate user sessions by checking tokens, preventing unauthorized access.
Next.js middleware is highly flexible and customizable. You can create tailored functions to meet specific application needs, setting application-wide settings or policies. This simplifies routing configuration, avoiding complex multi-layered setups. Using middleware results in more robust, scalable, and maintainable applications.
Understanding the order of operations when a request is received is crucial:
1. Headers: next.config.js headers are applied first, setting initial request headers. This is ideal for security headers like Content Security Policy (CSP) or CORS.
2. Redirects: next.config.js redirects are processed next, mapping requests to different URLs. This handles URL rewriting and redirects, managing routing rules across pages or the entire application.
3. Middleware Evaluation: After headers and redirects, middleware is evaluated and its logic executed.
4. beforeFiles: next.config.js beforeFiles (rewrites) are applied, enabling further rewriting or file-specific logic before routing.
5. File System Routes: The application's file system routes are processed (e.g., public/, _next/static/, pages/, and app/). Static files are served here.
6. afterFiles: next.config.js afterFiles (rewrites) are applied, offering a final modification point before dynamic routing.
7. Dynamic Routes: Dynamic routes (e.g., /blog/[slug]) are handled. These require specific handling and rewriting for variables or parameters.
8. Fallback: next.config.js fallback is applied, managing requests that cannot be routed otherwise. This allows for error handlers or fallback routes.
Authentication: Validate user credentials before accessing protected resources. Middleware can check session tokens, redirecting unauthenticated users to login. Clerk uses this approach effectively.
Logging: Track application events (user actions, errors) by logging each request to a central server for analysis and debugging.
Data Fetching: (With limitations) Load data from APIs or databases for up-to-date information. Note the performance considerations discussed later.
Request Routing: Customize routing, redirecting requests to specific paths or implementing catch-all error handlers.
Caching: Improve performance by storing frequently accessed resources in memory, reducing requests.
Rate Limiting: Monitor requests from users or IP addresses, blocking excessive requests to protect backend resources.
Page Transforms: Rewrite HTML or transform data in real time. This is useful for image URL rewriting or serving assets from different domains.
Analytics/Reporting: Track user behavior and application performance for optimization. Middleware can modify cookies for third-party analytics integration.
Internationalization: Deliver content in multiple languages based on user locale (e.g., using IP address or HTTP headers).
Middleware is implemented by creating a middleware.ts file at the project root. This file defines a middleware function and (optionally) a matcher.
The middleware function contains the middleware logic. It takes a request as input and returns a response.
<code class="language-javascript">import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'

export function middleware(request: NextRequest) {
  // Middleware logic here
  return NextResponse.next()
}</code>
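Example redirecting requests to /dashboard unless they start with /api (requests for /dashboard itself pass through, so the redirect cannot loop):
<code class="language-javascript">import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'

export function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl
  // Skip /api routes, and /dashboard itself so the redirect cannot loop
  if (!pathname.startsWith('/api') && pathname !== '/dashboard') {
    return NextResponse.redirect(new URL('/dashboard', request.url))
  }
  return NextResponse.next()
}</code>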
The function must return: NextResponse.next(), NextResponse.redirect(), NextResponse.rewrite(), NextResponse.json(), or a custom Response/NextResponse.
The matcher determines which requests are processed by the middleware. It's defined in the config object:
<code class="language-javascript">export const config = {
  matcher: '/hello', // Matches only /hello
}</code>
You can use arrays for multiple routes or regular expressions for more complex matching:
<code class="language-javascript">export const config = {
  matcher: ['/hello', '/world', '/[a-zA-Z]+/'], // Matches multiple routes and regex
}</code>
Without a matcher, middleware applies to all routes, potentially impacting performance.
Next.js supports only one middleware file. To use multiple functions, create separate functions and call them sequentially, returning a response if one is generated.
Clerk simplifies authentication by providing clerkMiddleware. This handles cookie parsing and user verification. You can extend it with custom logic.
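The sequential-call pattern described above (several functions called from the single middleware entry point, returning the first response one of them produces), as an added example that is not code from the original article, Next.js, or Clerk. It assumes plain Web Request/Response objects in place of NextRequest/NextResponse so it runs outside Next.js; the names PROTECTED, makeRateLimiter, requireSession, runChain and sampleRequest, the /login path, and the session cookie name are hypothetical.

```javascript
// Added example. Plain Web Request/Response stand in for NextRequest/NextResponse;
// a step returning undefined means "continue" (the role of NextResponse.next()).
const PROTECTED = ['/dashboard', '/api/private']; // constructed route prefixes

// Step factory: in-memory per-client counter (per instance; trust x-forwarded-for only from your own proxy).
function makeRateLimiter(limit) {
  const hits = new Map();
  return function rateLimit(request) {
    const key = request.headers.get('x-forwarded-for') || 'unknown';
    const count = (hits.get(key) || 0) + 1;
    hits.set(key, count);
    if (count > limit) return new Response('Too Many Requests', { status: 429 });
    return undefined;
  };
}

// Step: protected paths need a session cookie. This is a presence check only;
// the route handler must still verify the token before trusting it.
function requireSession(request) {
  const { pathname } = new URL(request.url);
  const needsAuth = PROTECTED.some((p) => pathname === p || pathname.startsWith(p + '/'));
  if (!needsAuth) return undefined;
  const cookies = request.headers.get('cookie') || '';
  if (/(?:^|;\s*)session=[^;]+/.test(cookies)) return undefined;
  return Response.redirect(new URL('/login', request.url), 307);
}

// Runs steps in order and returns the first response produced. A step that
// throws yields a 500 rather than letting the request through (fail closed).
function runChain(request, steps) {
  for (const step of steps) {
    try {
      const response = step(request);
      if (response) return response;
    } catch {
      return new Response('Internal Server Error', { status: 500 });
    }
  }
  return undefined; // no step objected: continue to routing
}

const limiter = makeRateLimiter(100); // constructed limit
function middleware(request) {
  return runChain(request, [limiter, requireSession]);
}

function sampleRequest(path, headers = {}) { // constructed sample input
  return new Request('https://example.test' + path, { headers });
}
```

In a real middleware.ts the final undefined would become NextResponse.next(), and any path the matcher excludes never reaches these steps, so route handlers still need their own authorization check.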
Edge Runtime Constraints: Middleware runs on the Edge Runtime, limiting available APIs and libraries. File system access is not allowed.
Size Restriction: Middleware functions are limited to 1MB.
ES Modules Only: Only ES modules are supported.
No String Evaluation: eval and new Function(evalString) are disallowed.
Performance Considerations: Complex middleware can negatively impact performance. Database access within middleware is generally discouraged.
Limited Access to Request/Response: Middleware doesn't have full access to request and response objects.
This guide provides a comprehensive understanding of Next.js middleware, its capabilities, limitations, and best practices. Remember to prioritize efficient code to avoid performance bottlenecks.