router-core/auth-and-guards

Installation
SKILL.md

Auth and Guards

This skill covers the routing side of auth. Route guards are UX and navigation control; the data/API boundary still belongs in the server function, server route, or API endpoint that reads or mutates private data. For the server-side primitives — session cookies (HttpOnly/Secure/SameSite), useSession-style helpers, OAuth state + PKCE, password-reset enumeration defense, CSRF, rate limiting — see start-core/auth-server-primitives.

CRITICAL: A route guard (beforeLoad) does NOT protect a createServerFn declared on that route. Server functions are API endpoints reachable independently of the route that calls them. See "Route guards do not protect server functions" below.

Setup

Protect routes with beforeLoad + redirect() in a pathless layout route (_authenticated):

// src/routes/_authenticated.tsx
import { createFileRoute, redirect } from '@tanstack/react-router'
Installs
Repository
tanstack/router
GitHub Stars
14.7K
First Seen
router-core/auth-and-guards — tanstack/router