arcjet · trunk-io · May 10, 2024 · Apr 29, 2024 · May 1, 2024 · May 10, 2024
@@ -1,6 +1,6 @@
 import arcjet, { ArcjetDecision, tokenBucket, detectBot, shield } from "@arcjet/next";
 import { NextResponse } from "next/server";
-import { currentUser } from "@clerk/nextjs";
+import { currentUser } from "@clerk/nextjs/server";
 
 // The root Arcjet client is created outside of the handler.
 const aj = arcjet({
@@ -9,10 +9,6 @@ const aj = arcjet({
     shield({
       mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
     }),
-    detectBot({
-      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
-      block: ["AUTOMATED"], // blocks all automated clients
-    }),
   ],
 });
 

@@ -2,7 +2,7 @@
  * This retrieves the Clerk JWT token for the current user so you can test the
  * private API route.
  */
-import { auth } from "@clerk/nextjs";
+import { auth } from "@clerk/nextjs/server";
 
 export async function GET(req: Request) {
   const { userId, getToken } = auth();

@@ -1,14 +1,19 @@
-import { authMiddleware } from "@clerk/nextjs";
+import { clerkMiddleware, createRouteMatcher } from "@clerk/nextjs/server";
+import { NextResponse } from "next/server";
 
-export default authMiddleware({
-  // Routes that can be accessed while signed out
-  publicRoutes: ["/", '/api/public'],
-  apiRoutes: ["/api/private"],
+const isProtectedRoute = createRouteMatcher(["/api/private", "/api/token"]);
+
+export default clerkMiddleware((auth, request) => {
+  if (isProtectedRoute(request)) {
+    auth().protect();
+  }
+
+  return NextResponse.next();
 });
 
 export const config = {
   // Protects all routes, including api/trpc.
-  // See https://clerk.com/docs/references/nextjs/auth-middleware
+  // See https://clerk.com/docs/references/nextjs/clerk-middleware
   // for more information about configuring your Middleware
   matcher: ["/((?!.+\\.[\\w]+$|_next).*)", "/", "/(api|trpc)(.*)"],
 };