Private, Public and Protected Pages

Overview

There are three main types of page access in this boilerplate:

1. Public pages

• Pages without any special layout or middleware protection
• Accessible to all visitors
• Example: Home page, landing pages, public documentation
• No authentication required

2. Private pages

• Protected by the middleware
• Requires user authentication (login)
• Defined in the middleware configuration
• Redirects to login if user is not authenticated
• Example: User dashboard, account settings

1// middleware.ts in the root folder
2const isProtectedRoute = createRouteMatcher([
3  "/dashboard(.*)",
4  "/todos-client(.*)",
5  "/todos-server(.*)",
6]);

To add or edit protected routes, modify the isProtectedRoute constant.

3. Protected pages

Protected pages are pages that require a user to be "active" in the database, meaning they have bought your product or have an active subscription. In order to redirect non-active users to another page if they try to access a protected page, you can use this code and add it to the corresponding layout of your page path:

1const user = await getCurrentUser();
2
3if (!user || !user.active) {
4  // user is not active
5  redirect("/");
6}

You can see an example of this behavior in the /app/dashboard/layout.tsx. By default, the Dashboard is a protected page in StartupFast.

Summary

StartupFast has a hierarchical access control system:

• Public: no checks
• Private: authentication check
• Protected: authentication + active status check

NOTE: Refer to the Authentication Setup to set up your authentication if you haven't already done it.