I have an app that needs all users to be authenticated. There is no public-facing welcome page and no need for one. All users should redirect automatically to /.auth/login/aad if they aren't authenticated.

The way I see it, there are two main ways to handle this. Either check for the x-ms-client-principal header in a hook and throw an error if it's missing, or set allowedRoles for all routes in staticwebapp.config.json. I would prefer the latter option because then pre-rendered pages will be protected without having to make all pages server-side rendered.

Unfortunately, that's not possible because of the way this adapter processes the config.

The workaround seems to be to list each route in the adapter's customStaticWebAppConfig, but that has two problems: The first problem is the hook still has to be used to protect the routes that get added automatically. The second problem is there are now two sources of truth for the list of routes. The file system and svelte.config.js.

I understand there is a need to rewrite routes to ssrFunctionRoute for server-side rendering, but perhaps there could be a more nuanced way of building the route map other than just tacking on permanent routes and blocking wildcard routes. For example, the provided customStaticWebAppConfig could be walked and rules that lack a redirect and rewrite could have a rewrite: ssrFunctionRoute added. Then, if the required routes are missing, they could be added.

Are you receptive to a pull request on this subject? I might be willing to take a stab at it.