I share how I almost got hacked by protecting admin pages with `useEffect`. Learn why client-side protection is dangerous and how to use Next.js Middleware to securely protect routes at the server level, including a deep dive into Edge Runtime limitations.
A comprehensive deep dive into client-side storage. From Cookies to IndexedDB and the Cache API. We explore security best practices for JWT storage (XSS vs CSRF), performance implications of synchronous APIs, and how to build offline-first applications using Service Workers.
App crashes only in Release mode? It's likely ProGuard/R8. Learn how to debug obfuscated stack traces, use `@Keep` annotations, and analyze `usage.txt`.
Bitcoin is just part of it. How to create trust without a central authority, principles of decentralization, smart contracts, gas fees, Layer 2 solutions, DAOs, and the Oracle Problem.
Why your server isn't hacked. From 'Packet Filtering' checking ports/IPs to AWS Security Groups. Evolution of Firewalls.
Protection isn't the only use case. Middleware is perfect for Language Routing.
You can detect the user's Accept-Language header and redirect them to /ko or /en.
/* middleware.ts */
import { match } from '@formatjs/intl-localematcher';
import Negotiator from 'negotiator';
// 1. Define supported locales
let locales = ['en', 'ko', 'ja'];
let defaultLocale = 'en';
export function middleware(request) {
const pathname = request.nextUrl.pathname;
// 2. Check if path already has locale
const pathnameIsMissingLocale = locales.every(
(locale) => !pathname.startsWith(`/${locale}/`) && pathname !== `/${locale}`
);
// 3. Redirect if missing
if (pathnameIsMissingLocale) {
let languages = new Negotiator({ headers: request.headers }).languages();
let locale = match(languages, locales, defaultLocale);
return NextResponse.redirect(
new URL(`/${locale}${pathname}`, request.url)
);
}
}
This logic runs before the page loads, ensuring the user always lands on the correct language version without a flash.
By leveraging Middleware for both security and routing, you create a robust, performant application architecture that is secure by default. It separates concerns effectively: pages handle rendering, and middleware handles access control.
Since Middleware runs on the Edge, it generally has negligible cold starts compared to Serverless functions (AWS Lambda). However, if you import heavy libraries (which you shouldn't), you might introduce latency. Keep your middleware lightweight. If you need complex logic, offload it to an API route and just call it from the middleware (though be careful with latency there too). The golden rule is: Middleware should be fast. It runs on every single request.