Ten lines of middleware protect the entire portal

The authentication layer for the client portal is ten lines of code. One import for Clerk's middleware, one import for the route matcher. One line creates a matcher for everything under /portal. One function checks whether the current request matches that pattern and, if it does, calls auth.protect() to redirect unauthenticated users to sign-in. That is it. Every public page on the site — the homepage, the five service pages, the notes section, the checkout flow, the donation page — loads without any auth check. Every portal page — dashboard, projects, sessions, bookings, invoices, goals, settings, admin — requires a logged-in user. The line between public and protected is a single regex pattern. No per-route wrappers. No higher-order components. No auth checks scattered through page files. The middleware runs before any page renders, so an unauthenticated request never even reaches the React tree. When Clerk redirects you to sign-in and you complete the flow, the webhook has already synced your profile to the database. By the time the portal loads, your data is ready. Ten lines of middleware and a webhook. That is the entire auth story.