If You’re Using Next.js Middleware Like a Firewall From 2005 — Stop

Some of you discovered middleware.ts and immediately decided to turn it into your own personal security checkpoint. Blocking everything. Redirecting everything. Logging everything like the NSA.

Published at — Oct 2, 2024

Relax. Middleware is powerful — but most of you are abusing it like a toddler with access to admin controls.

Redirecting Every Single Request Like a Maniac

If your middleware looks like this:

import { NextResponse } from "next/server";

export function middleware(request) {
  // No matcher exported, so this runs for every path: pages, API routes,
  // static assets, images, webhooks, all of it.
  if (!request.cookies.get("token")) {
    return NextResponse.redirect(new URL("/login", request.url));
  }
}

Congrats. You just blocked your API, static files, images, webhooks, favicon, sitemap, robots.txt, and maybe your soul.

Rule: Middleware runs on EVERY request unless you EXCLUDE.

Use matcher — it exists for a reason.

export const config = {
  // Only these route trees go through the middleware; everything else is untouched.
  matcher: ["/dashboard/:path*", "/settings/:path*"],
};

Stop acting like your login page is Area 51.

Doing Database Queries in Middleware… WHY?!

Middleware is edge runtime.

  • No Node APIs.
  • No direct DB drivers.
  • Limited execution time.
  • Meant to be fast AF.

If you're doing Prisma queries in Middleware, you’re not building an auth system — you’re building a Distributed Denial of Service (against yourself).

Use cookies / JWT / headers. Do NOT query databases there.
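As an added example (not code from the original post), here is the kind of check that does belong in middleware: verifying an HS256 session JWT with Web Crypto alone, which the Edge runtime provides, with no database round trip. The function names, the secret and the payload fields are assumptions; signSessionToken stands in for whatever your login route handler does when it issues the cookie.

```javascript
// Added example, not from the original post. Verifies an HS256 session JWT with
// Web Crypto only, which is all the Edge runtime offers: no DB, no Node modules.
// Function names, the secret and the payload shape are assumptions.
const enc = new TextEncoder();
const dec = new TextDecoder();
// Web Crypto is a global on Edge and Node 19+; dynamic import covers older Node.
async function getSubtle() {
  if (globalThis.crypto?.subtle) return globalThis.crypto.subtle;
  return (await import("node:crypto")).webcrypto.subtle;
}
// JWT uses unpadded base64url; btoa/atob exist on Edge and in Node 16+.
function b64urlEncode(bytes) {
  const bin = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function b64urlDecode(str) {
  const pad = "=".repeat((4 - (str.length % 4)) % 4);
  const bin = atob(str.replace(/-/g, "+").replace(/_/g, "/") + pad);
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}
async function hmacKey(secret) {
  const subtle = await getSubtle();
  return subtle.importKey("raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
}
// Issued by the login route handler (Node runtime), never by middleware.
async function signSessionToken(payload, secret) {
  const header = b64urlEncode(enc.encode(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64urlEncode(enc.encode(JSON.stringify(payload)));
  const sig = await (await getSubtle()).sign("HMAC", await hmacKey(secret), enc.encode(`${header}.${body}`));
  return `${header}.${body}.${b64urlEncode(new Uint8Array(sig))}`;
}
// The middleware-side check: shape, pinned alg, signature, then expiry. Any failure
// maps to a redirect to /login; nothing here needs to look the user up.
async function verifySessionToken(token, secret, nowSeconds) {
  try {
    const parts = String(token ?? "").split(".");
    if (parts.length !== 3) return { ok: false, reason: "malformed" };
    const [header, body, sig] = parts;
    const hdr = JSON.parse(dec.decode(b64urlDecode(header)));
    if (hdr.alg !== "HS256") return { ok: false, reason: "alg" }; // never trust the token's alg
    const valid = await (await getSubtle()).verify("HMAC", await hmacKey(secret), b64urlDecode(sig), enc.encode(`${header}.${body}`));
    if (!valid) return { ok: false, reason: "signature" }; // subtle.verify compares in constant time
    const payload = JSON.parse(dec.decode(b64urlDecode(body)));
    if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) return { ok: false, reason: "expired" };
    return { ok: true, payload };
  } catch {
    return { ok: false, reason: "malformed" }; // bad base64, bad JSON, undecodable signature
  }
}
```

In the real middleware you would read the cookie with request.cookies.get("session")?.value, pass Math.floor(Date.now() / 1000) as nowSeconds, and redirect on any result where ok is false.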

Logging Stuff in Middleware Like It’s StackOverflow Debug Mode

console.log("REQUEST:", request.url);
console.log("COOKIES:", request.cookies);
console.log("HEADERS:", request.headers);

Bro. It runs on. every. single. request.

Your logs are now 2GB per hour and your server is crying.

What Middleware Is Actually For

Use Middleware for lightweight request mutations only:

Use Case                                        Good ✅ / Bad ❌
Auth redirect based on cookie (with matcher)    ✅
Locale routing (/en -> /ar)                     ✅
A/B testing header injection                    ✅
Full authentication logic with DB + logging     ❌
Blocking entire site except /login              ❌

Middleware is not your backend. It’s your doorman.

He can check your ID… but he’s not supposed to interrogate your whole family tree.

Use it wisely. Your users (and your servers) will thank you.