Nextjs Guideline: Middleware — Use middleware for auth. Description: Protect routes with middleware.ts. Do: middleware.ts at root. Don't: Auth check in every page. Good Example: export function middleware(request). Bad Example: if (!session) redirect in page. Severity: Medium. Docs: https://nextjs.org/docs/app/building-your-application/routing/middleware.