feat: nextjs middleware and session types

Author: zpg6

examples/opennextjs/package.json

@@ -1,6 +1,6 @@
 {
     "name": "opennextjs",
-    "version": "0.2.0",
+    "version": "0.2.1",
     "private": true,
     "scripts": {
         "clean": "rm -rf .open-next && rm -rf .wrangler && rm -rf node_modules && rm -rf .next",
@@ -39,8 +39,8 @@
         "tailwind-merge": "^3.2.0"
     },
     "devDependencies": {
-        "@cloudflare/workers-types": "4.20250606.0",
-        "@opennextjs/cloudflare": "^1.0.1",
+        "@cloudflare/workers-types": "^4.20250813.0",
+        "@opennextjs/cloudflare": "^1.6.5",
         "@tailwindcss/postcss": "^4",
         "@types/node": "^20",
         "@types/react": "^19",

examples/opennextjs/src/app/page.tsx

@@ -4,20 +4,11 @@ import authClient from "@/auth/authClient";
 import { Button } from "@/components/ui/button";
 import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from "@/components/ui/card";
 import { Github, Package } from "lucide-react";
-import { useRouter } from "next/navigation";
-import { useEffect, useState } from "react";
+import { useState } from "react";
 
 export default function Home() {
     const { data: session, error: sessionError } = authClient.useSession();
     const [isAuthActionInProgress, setIsAuthActionInProgress] = useState(false);
-    const router = useRouter();
-
-    // Redirect to dashboard if already logged in
-    useEffect(() => {
-        if (session) {
-            router.push("/dashboard");
-        }
-    }, [session, router]);
 
     const handleAnonymousLogin = async () => {
         setIsAuthActionInProgress(true);
@@ -29,9 +20,9 @@ export default function Home() {
                 setIsAuthActionInProgress(false);
                 alert(`Anonymous login failed: ${result.error.message}`);
             } else {
-                // Login succeeded, redirect to dashboard
-                // Don't reset loading state here - let the redirect happen
-                window.location.href = "/dashboard";
+                // Login succeeded - middleware will handle redirect to dashboard
+                // Force a page refresh to trigger middleware redirect
+                window.location.reload();
             }
         } catch (e: any) {
             setIsAuthActionInProgress(false);

examples/opennextjs/src/middleware.ts

@@ -1,28 +1,76 @@
-import { NextResponse } from "next/server";
+import type { CloudflareSessionResponse } from "better-auth-cloudflare";
 import type { NextRequest } from "next/server";
-import { initAuth } from "@/auth"; // Adjust if your auth init is elsewhere
+import { NextResponse } from "next/server";
 
 export async function middleware(request: NextRequest) {
     const { pathname } = request.nextUrl;
 
-    // Protect the /dashboard route
-    if (pathname.startsWith("/dashboard")) {
+    // Routes that require authentication
+    const protectedRoutes = ["/dashboard"];
+    // Routes that should redirect to dashboard if already authenticated
+    const authRoutes = ["/", "/sign-in"];
+
+    const isProtectedRoute = protectedRoutes.some(route => pathname.startsWith(route));
+    const isAuthRoute = authRoutes.includes(pathname);
+
+    // Only check session for routes that need auth logic
+    if (isProtectedRoute || isAuthRoute) {
         try {
-            const authInstance = await initAuth();
-            const session = await authInstance.api.getSession({ headers: request.headers });
+            // Use the auth API route instead of importing better-auth directly
+            // This avoids Edge Runtime dynamic code evaluation issues with @opennextjs/cloudflare
+            const sessionResponse = await fetch(new URL("/api/auth/get-session", request.url), {
+                method: "GET",
+                headers: {
+                    cookie: request.headers.get("cookie") || "",
+                },
+            });
+
+            const isAuthenticated = sessionResponse.ok;
+            let sessionData: CloudflareSessionResponse | null = null;
 
-            if (!session) {
-                // User is not authenticated, redirect to home page
+            if (isAuthenticated) {
+                try {
+                    sessionData = await sessionResponse.json();
+                    // Double-check that we have a valid session
+                    if (!sessionData?.session || !sessionData.session.userId) {
+                        sessionData = null;
+                    }
+                } catch {
+                    sessionData = null;
+                }
+            }
+
+            // Handle protected routes - redirect to home if not authenticated
+            if (isProtectedRoute && !sessionData) {
                 const url = request.nextUrl.clone();
                 url.pathname = "/";
                 return NextResponse.redirect(url);
             }
+
+            // Handle auth routes - redirect to dashboard if already authenticated
+            if (isAuthRoute && sessionData) {
+                const url = request.nextUrl.clone();
+                url.pathname = "/dashboard";
+                return NextResponse.redirect(url);
+            }
+
+            // Optional: Log geolocation data for authenticated users
+            if (sessionData) {
+                console.log("Authenticated request from:", {
+                    country: sessionData.session.country,
+                    city: sessionData.session.city,
+                    timezone: sessionData.session.timezone,
+                });
+            }
         } catch (error) {
             console.error("Middleware error:", error);
-            // Optional: redirect to an error page or home on error
-            const url = request.nextUrl.clone();
-            url.pathname = "/"; // Or an error page like '/auth-error'
-            return NextResponse.redirect(url);
+
+            // On error, only redirect protected routes to avoid redirect loops
+            if (isProtectedRoute) {
+                const url = request.nextUrl.clone();
+                url.pathname = "/";
+                return NextResponse.redirect(url);
+            }
         }
     }
 
@@ -32,5 +80,7 @@ export async function middleware(request: NextRequest) {
 export const config = {
     matcher: [
         "/dashboard/:path*", // Protects /dashboard and all its sub-routes
+        "/", // Home page - redirect to dashboard if authenticated
+        "/sign-in", // Sign-in page - redirect to dashboard if authenticated
     ],
 };

package.json

@@ -1,6 +1,6 @@
 {
     "name": "better-auth-cloudflare",
-    "version": "0.2.3",
+    "version": "0.2.4",
     "description": "Seamlessly integrate better-auth with Cloudflare Workers, D1, Hyperdrive, KV, R2, and geolocation services.",
     "author": "Zach Grimaldi",
     "repository": {

src/types.ts

@@ -1,10 +1,10 @@
 import type { KVNamespace } from "@cloudflare/workers-types";
-import type { AuthContext } from "better-auth";
+import type { AuthContext, Session, User } from "better-auth";
 import type { DrizzleAdapterConfig } from "better-auth/adapters/drizzle";
 import type { FieldAttribute } from "better-auth/db";
 import type { drizzle as d1Drizzle } from "drizzle-orm/d1";
-import type { drizzle as postgresDrizzle } from "drizzle-orm/postgres-js";
 import type { drizzle as mysqlDrizzle } from "drizzle-orm/mysql2";
+import type { drizzle as postgresDrizzle } from "drizzle-orm/postgres-js";
 
 export interface CloudflarePluginOptions {
     /**
@@ -81,6 +81,29 @@ export interface CloudflareGeolocation {
     longitude?: string | null;
 }
 
+/**
+ * Session type enhanced with Cloudflare geolocation data
+ * This is what gets returned by /api/auth/get-session when using better-auth-cloudflare
+ */
+export interface CloudflareSession extends Session {
+    timezone?: string | null;
+    city?: string | null;
+    country?: string | null;
+    region?: string | null;
+    regionCode?: string | null;
+    colo?: string | null;
+    latitude?: string | null;
+    longitude?: string | null;
+}
+
+/**
+ * The response structure from /api/auth/get-session
+ */
+export interface CloudflareSessionResponse {
+    session: CloudflareSession;
+    user: User;
+}
+
 /**
  * Minimal R2Bucket interface - only what we actually need for file storage
  * Avoids complex type conflicts between DOM and Cloudflare Worker types