Can I implement Role-Based Access Control (RBAC) with this?

Absolutely. The skill provides templates for checking user roles and permissions directly within the middleware to handle conditional redirects or access denial.

What is the 'deny by default' principle in this skill?

It ensures all routes are protected automatically by the middleware unless they are explicitly defined as public, reducing the risk of accidentally exposing sensitive pages.

Does this skill support the Next.js App Router?

Yes, it includes specific patterns and configurations optimized for Next.js 13+ App Router and execution on the Edge Runtime.

How does it help with infinite redirect loops?

It provides best-practice matcher configurations that ensure sign-in and sign-up pages are correctly excluded from protection logic that triggers redirects.

Clerk Middleware Protection

Name: Clerk Middleware Protection
Author: vanman2024

byvanman2024

セキュリティとテスト

Implements secure route guards and authorization patterns using Clerk middleware for Next.js applications.

概要

This skill provides comprehensive guidance and implementation patterns for securing Next.js applications at the edge using Clerk middleware. It enables Claude to intelligently configure route matchers, define public versus protected boundaries, and implement advanced security features like Role-Based Access Control (RBAC) and organization-level isolation. By following a 'deny-by-default' security philosophy, this skill ensures that sensitive data and API endpoints remain protected while maintaining a seamless user authentication flow.

主な機能

Implements sophisticated route matcher patterns for public and private access
Includes validation patterns to prevent infinite redirect loops and auth leaks
Provides security-first templates for API route and webhook protection
Sets up Role-Based Access Control (RBAC) and organization-level permissions
0 GitHub stars
Configures Edge-ready Clerk middleware for both Next.js App and Pages routers

ユースケース

Implementing multi-tenant organization isolation and access control in a SaaS app
Securing a Next.js dashboard with specific public landing and authentication pages
Restricting API endpoint access based on custom user roles or metadata

概要

主な機能

Implements sophisticated route matcher patterns for public and private access
Includes validation patterns to prevent infinite redirect loops and auth leaks
Provides security-first templates for API route and webhook protection
Sets up Role-Based Access Control (RBAC) and organization-level permissions
0 GitHub stars
Configures Edge-ready Clerk middleware for both Next.js App and Pages routers

ユースケース

Implementing multi-tenant organization isolation and access control in a SaaS app
Securing a Next.js dashboard with specific public landing and authentication pages
Restricting API endpoint access based on custom user roles or metadata