How can I protect multiple Next.js API routes in next-auth

I build a simple API in Next.js and I use next-auth for authentication.

So far I have to use something like this in every API route:

  const session = await getSession({ req });
  if (session) {
    ... do something ...
  } else {
    ... send back a 401 status
  }

This seems to go against the DRY principle. Is there a clever way to apply protection to a number of routes in one place, such as Laravel route groups?

Solution

Create a middleware that gets the session otherwise returns 401.

See NextJS docs on api middleware.
You can also check out their example in the github repo.

Next.js Loads <script> tags but it doesn't execute them
graphql codegen typescript suddenly brokes and don't want generate types
NextJS 13 <button onClick={}> Event handlers cannot be passed to Client Component props
How to remove __NEXT_DATA__ from dom in NextJs?
window.__TAURI__ is not available
Why Nodemailer is working locally but not in Production?
How to extend the core user schema in better-auth
fetch data with sort not updating after build
Can you destructure a result from an SWR query?
Any way to render HTML in react-markdown
Problem with rendering markdown in NextJS/React
Can we have a portal in Next.js
NextAuth: how to return custom errors without redirection
nextjs dynamic() import works in dev mode, but not the production, Nextjs13 pages dir #45582
How to enable tailwindcss v4.0 for the packages/ui components in a turborepo?
scrollbar disappears when clicking dropdown menu
Run of a next js app stuck, npm run dev doesn't work
How to customize selected date styles in Mantine DatePicker?
Next-auth getToken dont working on serverside
NextJS 15 loading.tsx not showing
Website name is not showing in google search result, URL is shown instead
Largest Contentful Paint very slow on mobile using Next.js
The edge runtime does not support Node.js 'crypto' module error while adding mongoClient in Auth Js (Next js)
How to only show validation errors if a field is touched or modified?
How to Delete a Cookie in a Next.js 14 Middleware After External API Validation
getStaticProps return an empty array
Refresh token coming from Nest.js as cookie does not get persisted after refresh
Next.js – window is not defined error even when using useEffect and typeof window !== 'undefined' check
path.startsWith is not a function in next js
Unable to setup a NextJS project using Deno 2