Public front door
Keep the homepage indexable, shareable, and accessible to every visitor.
The marketing site stays open for campaigns, search engines, and referrals. Authentication only appears when someone moves into the protected product area.
Route split
Public landing.
Protected app.
A clean separation between your marketing site and authenticated product. Visitors browse freely, users sign in with a magic link, routes stay protected.
Public
/
Marketing and landing. Open to everyone.
Magic linkv
Protected
/app
Authenticated product. Magic-link access only.
How it works
Two routes, one codebase.
Protected product
Everything behind /app requires a session.
Auth middleware guards the product route tree and redirects guests to sign in before any protected content renders.
Magic-link authentication
No passwords to manage. Users receive a sign-in link by email and land directly in the product.
Route-level middleware
Auth checks apply to the entire /app tree. Public pages stay open by default without per-page gating.
Clean route separation
Marketing and product routes are structurally separated, so each surface can evolve without coupling.
The flow
From visitor to authenticated user in three moves.
No account creation form. No password. Just an email and a protected route tree.
01
Public entry
Visitors arrive at the public marketing page. No sign-in is required to browse the landing experience.
02
Magic-link sign in
Click sign in, enter an email, and request a one-time link. There is no password form in the path.
03
Protected app access
The magic link authenticates the session and redirects into /app, where dashboards and internal workflows live.
Ready to ship?
Fork the repo, deploy, and have a working authenticated app in minutes.