Securing the API routes at the edge with prisma & next-auth? #264
Unanswered
gablabelle asked this question in Q&A
Replies: 0 comments
Hello all, hello @steven-tey,
I was looking at the middleware.ts setup and at the following API routes and they do not require auth to be used:
So everybody could simply use these API endpoints without being authenticated. This is problematic, especially for the first one connecting to OpenAI. Someone could be using this starter kit and wake up with a bad surprise when all of his credits have disappeared due to this endpoint not being protected with auth.
I was looking into this because I was wondering how you guys did the setup of next-auth & prisma at the edge, but now I see that you simply don't. Maybe the fact that next-auth & prisma at the edge don't seem to be gracefully supported yet is exactly for the reason that you chose not to secure the routes? IDK 😉 🤷‍♂️
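A deny-by-default guard for the situation the question describes, as an added example that is not code from the repository or from the poster. It assumes next-auth's own routes are mounted under `/api/auth`; `decide`, `guard`, `PUBLIC_API_PREFIXES` and the injected `getSession` lookup are hypothetical names.

```javascript
// Added example: every /api path needs a session unless explicitly allowlisted.
// Assumption: next-auth's sign-in/callback routes live under /api/auth.
const PUBLIC_API_PREFIXES = ["/api/auth"];

// Match on a segment boundary so "/api/authx" never inherits the exemption.
function underPrefix(path, prefix) {
  return path === prefix || path.startsWith(prefix + "/");
}

// Collapse duplicate slashes and drop a trailing slash before matching.
function normalize(pathname) {
  const p = pathname.replace(/\/{2,}/g, "/");
  return p.length > 1 && p.endsWith("/") ? p.slice(0, -1) : p;
}

// Returns { allow, status }; `session` is null when no valid session exists.
function decide(pathname, session) {
  const path = normalize(pathname);
  // Case-insensitive test for "is this an API path" (fail closed).
  if (!underPrefix(path.toLowerCase(), "/api")) return { allow: true, status: 200 };
  // Case-sensitive test for the public allowlist (fail closed).
  if (PUBLIC_API_PREFIXES.some((p) => underPrefix(path, p))) {
    return { allow: true, status: 200 };
  }
  return session ? { allow: true, status: 200 } : { allow: false, status: 401 };
}

// Handler-shaped wrapper: returns null to continue, or a 401 Response.
// `getSession` is injected (hypothetical); any error counts as "no session".
async function guard(request, getSession) {
  const { pathname } = new URL(request.url);
  let session = null;
  try {
    session = await getSession(request);
  } catch {
    session = null;
  }
  const verdict = decide(pathname, session);
  if (verdict.allow) return null;
  return new Response(JSON.stringify({ error: "unauthenticated" }), {
    status: verdict.status,
    headers: { "content-type": "application/json" },
  });
}
```

New API routes are protected as soon as they are created; only paths added to the allowlist become public.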