Next.js 15 边缘认证实践：Signed Cookies/JWT 与 Middleware 协同

Next.js 15 边缘认证实践概述使用 Signed Cookies/JWT 在边缘校验身份与权限，减少后端压力并提升响应速度。Middleware + Signed Cookieimport { NextResponse } from 'next/server'

import type { NextRequest } from 'next/server'

function verifySignedCookie(cookie: string | null) {

// 伪代码：基于密钥的 HMAC 验证

return Boolean(cookie)

}

export function middleware(req: NextRequest) {

const auth = req.cookies.get('session')?.value || null

if (!verifySignedCookie(auth)) {

const url = req.nextUrl.clone(); url.pathname = '/login'

return NextResponse.redirect(url)

}

return NextResponse.next()

}

export const config = { matcher: ['/((?!_next|static|login|api/public).*)'] }

JWT 校验与权限export async function GET(req: Request) {

const token = (await getAuthToken()) // 伪函数

const valid = await verifyJWT(token)

if (!valid) return new Response('Unauthorized', { status: 401 })

return new Response('OK')

}

技术参数与验证边缘延迟低；认证失败快速跳转；权限校验正确。注意事项密钥与令牌管理；对公共资源放行；遵循隐私合规与跨域策略。---发布信息：已发布 · 技术验证 · 阅读 34 分钟 · CC BY-SA 4.0