Wrapping auth() for Protected Routes and Encapsulating Logic

[mikeE-finsight]

Hey Auth.js folks!

I'm doing a quick POC to understand if auth.js is right for our project.

nextJsVersion: 15.1.3
version: 5.0.0-beta.28

In our current implementation we do something like this:

export async function authJsRoute(routeHandler: RouteHandler): Promise<RouteHandler> {
  return auth(async (req) => {
    if (!req.auth) return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });

    // handle logging and other stuff here
    return routeHandler(req);
  });
}

// and usage

export const GET = authJsRoute(async (request: NextAuthRequest) => {
  logger.info('AuthRequiredRoute', {
    auth: request.auth,
  });
  return NextResponse.json(
    { message: `Hello, ${request.auth?.user?.name || 'Guest'}!` },
    { status: 200 }
  );
});

For auth.js, I'm getting an error: TypeError: ReflectApply is not a function. I assume that it's because the auth() callback is expected to be the actual route itself and not a higher order function.

Can anyone explain how I should handle this?

I tried using const session = auth() and checking that in the route as well but I got really weird nextjs errors.

Thanks!

[mikeE-finsight]

Ok classic brain fart here. I need to await the authJsRoute() call:

export const GET = await authJsRoute(async (request: NextAuthRequest) => {
  logger.info('AuthRequiredRoute', {
    auth: request.auth,
  });
  return NextResponse.json(
    { message: `Hello, ${request.auth?.user?.name || 'Guest'}!` },
    { status: 200 }
  );
});