Best way to handle redirecting non-authorized users while still allowing cache components

[brad-decker]

Summary

Our platform has some private auctions on it (less than 1% of auctions are private). To protect these pages from being viewed by the public, I have a guard that runs at the page level (note this code used to exist within the page component itself, but as part of working towards refactoring to use cache components, I have extracted it to a helper so that I can await params inside of this helper)

export default async function auctionPageAccessGuard({
  params,
}: {
  params: Promise<{ slug: string }>;
}) {
  const { auctionModel } = await import('@/lib/contentful');
  const { auth0 } = await import('@/lib/auth0');
  const { notFound, redirect } = await import('next/navigation');
  const { CampaignMember } = await import('@repo/salesforce/CampaignMember');
  const { slug } = await params;

  const auction = await auctionModel.getBySlug(slug);

  if (!auction) {
    return notFound();
  }

  if (auction.isPrivateAuction) {
    const session = await auth0.getSession();

    const approvedMembers = await CampaignMember.getApprovedForPrivateAuction(
      auction.campaignId || '',
    );

    const validatedEmails = [
      ...approvedMembers.map((member) => member.Campaign_Member_Email__c),
      ...(auction.authorizedUsers ?? []),
    ];

    if (
      !session ||
      !session.user ||
      !session.user.email ||
      validatedEmails.includes(session.user.email) === false
    ) {
      return redirect(`/private-auction?attemptAccess=${auction.sys.id}`);
    }
  }
}

I need this code to run and redirect before any data about the page, even Metadata, is returned. The private auction details cannot be leaked to the public or indexed by search engines.

However, it's a let-down that because of the <1% I cannot render the majority of our auctions using cached components (or maybe I'm just not understanding the paradigm fully). Has anyone done something similar or have tips for me?

Additional information

No response

Example

No response