diff --git a/README.md b/README.md
index 5ecd808..d0ae635 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,4 @@
-# Water utility portal
-
-## To do
-
-- [ ] Get premium Vercel account for database
-- [ ] Add middleware for authentication
+# Auth0 demo
 
 ## Commands
 
diff --git a/app/api/protected/customer-form/[id]/route.ts b/app/api/protected/customer-form/[id]/route.ts
index b1646be..8bbdc61 100644
--- a/app/api/protected/customer-form/[id]/route.ts
+++ b/app/api/protected/customer-form/[id]/route.ts
@@ -1,22 +1,26 @@
-import { getSession, withApiAuthRequired } from '@auth0/nextjs-auth0';
+import { getSession } from '@auth0/nextjs-auth0';
 import prisma from '@prisma/prisma';
 import { createErrorResponse } from '@utils/createErrorResponse';
 import { validateApiRequestContext } from '@utils/validateApiRequestContext';
-import { NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 
-export const GET = withApiAuthRequired(async (_, context) => {
+export async function GET(
+  request: NextRequest,
+  context: { params: { id: string } }
+) {
   const session = await getSession();
+  if (!session || !session.user) {
+    return createErrorResponse('Unauthorized', 401);
+  }
 
   let params;
-
   try {
     params = validateApiRequestContext(context);
   } catch (error) {
     return createErrorResponse('Internal server error', 500);
   }
 
-  const userEmail = session?.user?.email;
-
+  const userEmail = session.user.email;
   if (!userEmail) {
     return createErrorResponse('Session not found or invalid', 401);
   }
@@ -45,34 +49,44 @@ export const GET = withApiAuthRequired(async (_, context) => {
     console.error('Error fetching customer form:', error);
     return createErrorResponse('Internal server error', 500);
   }
-});
+}
 
-export const DELETE = withApiAuthRequired(async (_, context) => {
+export async function DELETE(
+  request: NextRequest,
+  context: { params: { id: string } }
+) {
   const session = await getSession();
+  if (!session || !session.user) {
+    return createErrorResponse('Unauthorized', 401);
+  }
 
   let params;
-
   try {
     params = validateApiRequestContext(context);
   } catch (error) {
     return createErrorResponse('Internal server error', 500);
   }
 
-  const result = await prisma.customerForm.delete({
-    where: {
-      id: params.id,
-      createdBy: {
-        email: session?.user.email
+  try {
+    const result = await prisma.customerForm.delete({
+      where: {
+        id: params.id,
+        createdBy: {
+          email: session.user.email
+        }
       }
+    });
+
+    if (!result) {
+      return NextResponse.json(
+        { success: false, message: 'Something went wrong.' },
+        { status: 500 }
+      );
     }
-  });
 
-  if (!result) {
-    return NextResponse.json(
-      { success: false, message: 'Something went wrong.' },
-      { status: 500 }
-    );
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Error deleting customer form:', error);
+    return createErrorResponse('Internal server error', 500);
   }
-
-  return NextResponse.json({ success: true });
-});
+}
diff --git a/app/api/protected/customer-form/route.ts b/app/api/protected/customer-form/route.ts
index 43c4317..ce24e57 100644
--- a/app/api/protected/customer-form/route.ts
+++ b/app/api/protected/customer-form/route.ts
@@ -1,9 +1,9 @@
-import { getSession, withApiAuthRequired } from '@auth0/nextjs-auth0';
+import { getSession } from '@auth0/nextjs-auth0';
 import { CustomerForm } from '@prisma/client';
 import prisma from '@prisma/prisma';
-import { NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 
-export const GET = withApiAuthRequired(async () => {
+export async function GET() {
   const session = await getSession();
 
   try {
@@ -25,9 +25,9 @@ export const GET = withApiAuthRequired(async () => {
       { status: 500 }
     );
   }
-});
+}
 
-export const POST = withApiAuthRequired(async request => {
+export async function POST(request: NextRequest) {
   try {
     const session = await getSession();
 
@@ -59,4 +59,4 @@ export const POST = withApiAuthRequired(async request => {
       { status: 500 }
     );
   }
-});
+}
diff --git a/app/api/protected/profile/route.ts b/app/api/protected/profile/route.ts
index 31da177..aee4125 100644
--- a/app/api/protected/profile/route.ts
+++ b/app/api/protected/profile/route.ts
@@ -1,12 +1,12 @@
 import { NextResponse } from 'next/server';
 
-import { getSession, withApiAuthRequired } from '@auth0/nextjs-auth0';
+import { getSession } from '@auth0/nextjs-auth0';
 
-export const GET = withApiAuthRequired(async () => {
+export async function GET() {
   const session = await getSession();
 
   return NextResponse.json({
     success: true,
     data: { email: session?.user.email }
   });
-});
+}
diff --git a/app/customer-form/[id]/page.tsx b/app/customer-form/[id]/page.tsx
index a4f7718..20221bd 100644
--- a/app/customer-form/[id]/page.tsx
+++ b/app/customer-form/[id]/page.tsx
@@ -1,12 +1,11 @@
 'use client';
 
-import { withPageAuthRequired } from '@auth0/nextjs-auth0/client';
 import { CustomerForm, CustomerFormSchema } from '@utils/types';
 import axios from 'axios';
 import { useRouter } from 'next/navigation';
 import { useEffect, useState } from 'react';
 
-export default withPageAuthRequired(function SingleCustomerForm({
+export default function SingleCustomerForm({
   params
 }: {
   params: { id: string };
@@ -75,4 +74,4 @@ export default withPageAuthRequired(function SingleCustomerForm({
       </button>
     </div>
   );
-});
+}
diff --git a/app/customer-form/page.tsx b/app/customer-form/page.tsx
index 8f23c96..7c61cac 100644
--- a/app/customer-form/page.tsx
+++ b/app/customer-form/page.tsx
@@ -1,6 +1,5 @@
 'use client';
 
-import { withPageAuthRequired } from '@auth0/nextjs-auth0/client';
 import { Button } from '@components/Button';
 import { FormControl } from '@components/FormControl';
 import { FormMessage } from '@components/FormMessage';
@@ -21,7 +20,7 @@ import { useRouter } from 'next/navigation';
 import { useEffect, useState } from 'react';
 import { FormProvider, useForm } from 'react-hook-form';
 
-export default withPageAuthRequired(function CustomerForms() {
+export default function CustomerForms() {
   const router = useRouter();
   const [customerForms, setCustomerForms] = useState<CustomerForm[]>([]);
 
@@ -139,4 +138,4 @@ export default withPageAuthRequired(function CustomerForms() {
       </div>
     </div>
   );
-});
+}
diff --git a/middleware.ts b/middleware.ts
new file mode 100644
index 0000000..6f9d401
--- /dev/null
+++ b/middleware.ts
@@ -0,0 +1,14 @@
+import { withMiddlewareAuthRequired } from '@auth0/nextjs-auth0/edge';
+import { NextResponse } from 'next/server';
+
+export default withMiddlewareAuthRequired({
+  async middleware() {
+    const res = NextResponse.next();
+    return res;
+  },
+  returnTo: '/api/auth/login'
+});
+
+export const config = {
+  matcher: ['/api/protected/:path*', '/customer-form/:path*']
+};