"Next.js 15 边缘认证实践：Signed Cookies/JWT 与 Middleware 协同"

Next.js 15 边缘认证实践概述使用 Signed Cookies/JWT 在边缘校验身份与权限，减少后端压力并提升响应速度。Middleware + Signed Cookieimport { NextResponse } from 'next/server' import type { NextRequest } from 'next/server' function verifySignedCookie(cookie: string | null) { // 伪代码：基于密钥的 HMAC 验证 return Boolean(cookie) } export function middleware(req: NextRequest) { const auth = req.cookies.get('session')?.value || null if (!verifySignedCookie(auth)) { const url = req.nextUrl.clone(); url.pathname = '/login' return NextResponse.redirect(url) } return NextResponse.next() } export const config = { matcher: ['/((?!_next|static|login|api/public).*)'] } JWT 校验与权限export async function GET(req: Request) { const token = (await getAuthToken()) // 伪函数 const valid = await verifyJWT(token) if (!valid) return new Response('Unauthorized', { status: 401 }) return new Response('OK') } 技术参数与验证边缘延迟低；认证失败快速跳转；权限校验正确。注意事项密钥与令牌管理；对公共资源放行；遵循隐私合规与跨域策略。---发布信息：已发布 · 技术验证 · 阅读 34 分钟 · CC BY-SA 4.0