@appwarden/middleware
Version:
Instantly disable all user interaction with your app deployed on Cloudflare or Vercel
57 lines (39 loc) • 2.04 kB
Markdown
Use this reference when wiring Appwarden into a Next.js app deployed with the Cloudflare (OpenNext) adapter.
## Prerequisites
- Next.js project with `@opennextjs/cloudflare` installed.
- `appwarden-link --fqdn=your.app` configured as a prebuild script.
- `.appwarden/linked/` added to `.gitignore`.
- Next.js 15 and earlier: `middleware.ts` (project root or `src/`).
- Next.js 16+: `proxy.ts` (project root or `src/`). `middleware.ts` is silently ignored in Next.js 16+.
```typescript
// middleware.ts
import {
createAppwardenMiddleware,
getAppwardenConfiguration,
} from "@appwarden/middleware/cloudflare/nextjs"
import appwardenConfig from "./.appwarden/linked/middleware.json"
export default createAppwardenMiddleware((request) =>
getAppwardenConfiguration(appwardenConfig, {
appwardenApiToken: request.cloudflare.env.APPWARDEN_API_TOKEN,
debug: true,
}),
)
export const config = {
matcher: [
"/((?!api|_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)",
],
}
```
Same code, but in `proxy.ts` instead of `middleware.ts`.
Next.js Cloudflare exposes the Worker environment on `request.cloudflare.env`. Access `APPWARDEN_API_TOKEN` there.
**Important:** The OpenNext adapter applies CSP headers only before the origin. It does **not** rewrite HTML to inject nonces. Use headers-only CSP directives for this adapter. Do not use `{{nonce}}`.
- Make sure `appwarden-link` runs before the build. The linked config is read at runtime from the bundled output.
- A `middleware.ts` placed at the project root is ignored when the app uses a `src/` layout. Use `src/middleware.ts` in that case.
- The lock page may not receive CSP headers injected by the middleware because the adapter short-circuits when the request is already on the lock page. Apply CSP at the page level if needed.