Next.js 13 middleware passes empty body to the API route

ardabasoglu · October 6, 2023, 11:25am

My Next.js middleware doesn’t pass the request body to the next API route correctly. The issue arises with the “hasRequiredFields” function within the middleware, which checks for required fields in the body. This problem occurs when this function is called before reaching the next API route, but it’s specific to the Netlify server, not my local setup.

This is the middleware.ts located in the root of the Next.js app:

import { NextRequest, NextResponse } from "next/server"

export default async function middleware(req: NextRequest) {
  const endpoint: Endpoint | undefined = endpoints.find(
    endPoint => endPoint.path === req.nextUrl.pathname
  )
  if (!endpoint) {
    return forbid("Path not found")
  }
  if (endpoint.requiredFields) {
    const hasFields = await hasRequiredFields(req, endpoint)
    if (!hasFields) {
      return forbid("Missing required fields")
    }
  }
  return allow()
}

const hasRequiredFields = async (req: NextRequest, endpoint: Endpoint) => {
  // When this is called, the API route (req.nextUrl) which is transferred by allow() method receives an empty body
  // This only happens on Netlify, not on localhost
  const body = await req.json()
  return !endpoint.requiredFields || endpoint.requiredFields.every(field => field in body)
}

const forbid = (message: string) => {
  return new NextResponse(JSON.stringify({ message }), {
    status: 403,
    headers: {
      "content-type": "application/json"
    }
  })
}

const allow = () => {
  return NextResponse.next({
    headers: {
      "content-type": "application/json"
    }
  })
}

export const config = {
  matcher: ["/api/foo/:path*"]
}

interface Endpoint {
  path: string
  requiredFields?: string[]
}

const endpoints: Endpoint[] = [
  {
    path: "/api/foo/bar",
    requiredFields: ["foo"]
  }
]

This is the the API route code:

import { NextApiRequest, NextApiResponse } from "next"
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
  // "body" is empty on Netlify, when "hasRequiredFields" method is called in "middleware.ts
  // This only happens on Netlify, not on localhost
  const { body } = req
  res.status(200).json({ message: body })
}

export default handler

Site name: https://api-security--huudle.netlify.app/

hrishikesh · October 8, 2023, 12:55pm

Based on the discussion in the helpdesk:

The problem is you’re consuming the request body inside your middleware. As per the logs:

and the docs: Edge Functions API | Netlify Docs you need to pass the request again so that the request can be used. Unfortunately, NextResponse.next() only allows modifying headers: Functions: NextResponse | Next.js (nextjs.org) and doesn’t allow passing the request body. Thus, these two would not work together. I’d advise you to take a look at: Next.js Middleware on Netlify | Netlify Docs, which provides some extra support for handling the request body.

ardabasoglu · October 8, 2023, 7:03pm

Can you tell me how I can see those logs? I attempted to use the ‘MiddlewareRequest’ object, but I encountered an error that says, MiddlewareRequest only works in a Netlify Edge Function environment. Does this mean I can only use the middleware within a Netlify Edge Function?

hrishikesh · October 8, 2023, 7:05pm

Those logs are visible in your Edge Function logs. In the left navbar, go to Logs > Edge Functions.

Could you share where you got that error? I tried your codebase myself and did not run into that.

Middleware runs on Netlify Edge Functions, so yes. You can use it on Lambda, but it’s not going to work as you expect, so we should not consider it valid here.

ardabasoglu · October 8, 2023, 7:42pm

I’ve made updates to the code repository.

And this is a part of it:

import { NextRequest, NextResponse } from "next/server";
import { MiddlewareRequest } from "@netlify/next";

export default async function middleware(req: NextRequest) {
  const r = new MiddlewareRequest(req);
  const endpoint: Endpoint | undefined = endpoints.find(
    endPoint => endPoint.path === r.nextUrl.pathname
  )
  if (!endpoint) {
    return forbid("Path not found")
  }
  if (endpoint.requiredFields) {
    const hasFields = await hasRequiredFields(r, endpoint)
    if (!hasFields) {
      return forbid("Missing required fields")
    }
  }
  return allow()
}

ardabasoglu · October 8, 2023, 8:34pm

Is it possible that only main branch function logs are visible? Because, I can’t see any logs in the branch I’m testing this.

SamO · October 9, 2023, 6:37pm

Yes, it is possible to view function logs for branches other than the main branch.

To find functions on another deploy, you can use the search field at the top of the list on your site’s Functions page. You can start typing to jump to a particular branch, or find a Deploy Preview by number.

If you are looking for function logs for a specific deploy, you can access them by going to the Function logs tab of the Netlify Drawer in a collaborative Deploy Preview.

ardabasoglu · October 9, 2023, 6:54pm

I was referring to the Edge Function log, not the Functions log; I am unable to select a branch for the Edge Functions log.

hrishikesh · October 14, 2023, 5:27pm

You can click on Edge Functions in the deploy card:

that would take you to the logs of that deploy.

ardabasoglu · October 15, 2023, 7:31pm

Thank you for sharing the screenshot. Did you have a chance to review the updated codebase?

Topic		Replies	Views
How do I get Next.js middleware response with TypeScript? Support nextjs , edge_functions	3	2512	December 18, 2022
request.formData() on NextJs 13 RouterHandler throws error Support nextjs	11	13900	July 10, 2023
Why aren't my Netlify Functions finding a body? Support lambda-functions , nextjs	5	1653	December 10, 2022
Nextjs Api routes not working properly Support lambda-functions , nextjs	5	7231	March 30, 2023
Middleware does not work Support redirects , nextjs	2	737	August 11, 2023

Next.js 13 middleware passes empty body to the API route

Related topics