middleware static method
Middleware that protects routes requiring authentication.
This middleware:
- verifies the session cookie exists
- ensures an in-memory session is available
- checks that the session matches the cookie
- validates the session timeout window
- refreshes the last-activity timestamp before continuing
When validation fails, the request is logged out and redirected to the login flow.
Parameters:
- request: The incoming HTTP request.
- next: The next middleware or handler in the pipeline.
Example:
router.get(
  '/dashboard',
  handler: (request) async => dashboardController.index(request),
  middleware: [AuthSession.middleware],
);
Implementation
static Future<dynamic> middleware(HttpRequest request, Future<void> Function() next) async {
  // 1. The session cookie must be present on the request.
  final cookie = request.cookies.firstWhereOrNull((cookie) => cookie.name == "archery_session");
  if (cookie == null) {
    await logout(request);
    return request.redirectToLogin();
  }

  // 2. An in-memory session list must be registered and non-empty.
  final authSessions = App().tryMake<List<AuthSession>>();
  if (authSessions == null || authSessions.isEmpty) {
    await logout(request);
    return request.redirectToLogin();
  }

  // 3. One stored session must carry the same cookie value.
  final session = authSessions.firstWhereOrNull((session) => session.cookie?.value == cookie.value);
  if (session == null) {
    await logout(request);
    return request.redirectToLogin();
  }

  // 4. The session must still be inside its timeout window.
  if (!_validateSession(session)) {
    await logout(request);
    return request.redirectToLogin();
  }

  // 5. Refresh the last-activity timestamp, then continue the pipeline.
  session.lastActivity = DateTime.now();
  await next();
}
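
The checks above can be modeled outside the framework with an injected clock, which makes the effect of refreshing the last-activity timestamp visible. This is an added example, not the project's own code: `_validateSession` is not shown on this page, so `SessionRecord`, `checkSession`, the 30-minute idle timeout and the 8-hour absolute lifetime cap are assumptions, and the cap goes beyond what the page describes.

```dart
// Added example: stand-alone model of the checks listed above.
// All names and durations here are hypothetical, not the project's API.
class SessionRecord {
  SessionRecord(this.token, this.createdAt) : lastActivity = createdAt;
  final String token;
  final DateTime createdAt;
  DateTime lastActivity;
}

const idleTimeout = Duration(minutes: 30); // assumed idle window
const maxLifetime = Duration(hours: 8); // assumed absolute cap (not on the page)

/// Returns null when the request may continue, otherwise the logout reason.
String? checkSession(
    String? cookieValue, List<SessionRecord> store, DateTime now) {
  if (cookieValue == null) return 'no session cookie';
  if (store.isEmpty) return 'no in-memory sessions';
  SessionRecord? match;
  for (final s in store) {
    if (s.token == cookieValue) match = s;
  }
  if (match == null) return 'cookie matches no session';
  // Idle window: measured from the last accepted request.
  if (now.difference(match.lastActivity) > idleTimeout) return 'idle timeout';
  // Absolute cap: measured from creation, unaffected by the refresh below.
  if (now.difference(match.createdAt) > maxLifetime) return 'lifetime exceeded';
  match.lastActivity = now; // sliding refresh, as in the middleware
  return null;
}

void main() {
  final t0 = DateTime.utc(2024, 1, 1, 9); // constructed sample data
  final store = [SessionRecord('constructed-token-A', t0)];
  print(checkSession(null, store, t0));
  print(checkSession('constructed-token-B', store, t0));

  // A request every 20 minutes never trips the 30-minute idle window,
  // so only the absolute cap can end this session.
  var now = t0;
  String? result;
  while (result == null) {
    now = now.add(const Duration(minutes: 20));
    result = checkSession('constructed-token-A', store, now);
  }
  print('$result after ${now.difference(t0).inMinutes} minutes');
}
```

Because every accepted request moves `lastActivity` forward, an idle timeout on its own never ends a session that stays active; the absolute cap is what bounds it.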