Dilip Singh is a Lead AI Architect and AI developer based in Delhi, India. He has 14+ years of experience building enterprise AI chatbots, AI assistants, multi-agent platforms, RAG pipelines, and ontology-driven knowledge systems. He is Lead Software Architect at Hureka Technologies and has delivered 118+ production projects globally.

Is Dilip Singh an AI developer?

Yes. Dilip Singh is a senior AI developer and architect specializing in production AI systems — LLM orchestration, RAG pipelines, AI chatbots, voice AI assistants, and multi-agent platforms. He works with Claude, OpenAI, Ollama, Qdrant, Temporal, Next.js, and FastAPI.

Does Dilip Singh build AI chatbots and AI assistants?

Yes. Dilip builds enterprise AI chatbots and AI assistants with RAG grounding, multi-channel deployment (web, Slack, Teams), human approval workflows, and per-tenant knowledge bases. Flagship projects include Hureka AI (BYOK support platform) and AImind Agent Hub (multi-agent chat, email, and voice).

Does Dilip Singh work with ontology and knowledge graphs for AI?

Yes. Dilip designs semantic ontologies and knowledge graphs to structure AI retrieval — taxonomy design, entity relationships, and RAG grounding for more accurate AI assistant and chatbot responses. His blog covers ontology-driven content architecture for AI systems.

What services does Dilip Singh offer for freelance AI projects?

Dilip Singh offers AI architecture consulting, AI chatbot development, AI assistant systems, ontology/RAG design, multi-agent AI development, voice AI integration, enterprise SaaS architecture, Drupal-to-modern migration, and CTO-as-a-service for startups.

Is Dilip Singh available for remote freelance work?

Yes. Dilip is based in Delhi, India (IST/Asia timezone) and works with clients globally including USA, Canada, Tanzania, and Europe. Engagements include hourly consulting, fixed-price projects, and monthly retainers.

What is the typical project budget for AI architecture work?

Project budgets vary by scope. AI MVP development typically starts from $15,000, multi-agent AI platforms from $30,000, and enterprise AI architecture engagements from $50,000+. Discovery calls are free to scope requirements.

How quickly does Dilip Singh respond to project inquiries?

All inquiries receive a response within 24 hours. Urgent projects can be discussed via email at dilip@hurekatek.com or WhatsApp.

What technologies does Dilip Singh specialize in?

Core expertise includes AI chatbots, AI assistants, multi-agent AI, RAG pipelines (Qdrant, Pinecone), ontology/knowledge graphs, LLM orchestration (Claude, OpenAI, Ollama), voice AI (Pipecat, LiveKit, Whisper), Next.js, FastAPI, Temporal, Docker, Kubernetes, and enterprise Drupal/Laravel systems.

All posts

Web DevelopmentIntermediate2026-03-12·10 min read

JWT Authentication in Next.js 15 App Router: A Complete Guide

The right way to do JWT authentication in Next.js 15 with App Router — middleware, refresh tokens, secure cookies, role-based access, and server components that know who you are.

Next.js JWT Authentication Security TypeScript Middleware

Why JWT for App Router?

Next.js 15 App Router is server-first. Server Components can call your database directly. JWT auth — signed, short-lived, and cookie-stored — gives you stateless authentication that works in both Server Components and Middleware.

Token Strategy

Token	Lifetime	Storage
Access	15 minutes	HttpOnly Secure Cookie
Refresh	7 days	HttpOnly Secure Cookie (different path)

Never put JWTs in localStorage. Ever.

Signing and Verifying with `jose`

typescript

// lib/auth.ts
import { SignJWT, jwtVerify } from 'jose'

const secret = new TextEncoder().encode(process.env.JWT_SECRET!)

export async function signAccess(payload: { sub: string; role: string }) { return new SignJWT(payload) .setProtectedHeader({ alg: 'HS256' }) .setIssuedAt() .setExpirationTime('15m') .sign(secret) }

export async function verifyAccess(token: string) { const { payload } = await jwtVerify(token, secret) return payload as { sub: string; role: string } } ```

typescript

'use server'
import { cookies } from 'next/headers'

export async function login(email: string, password: string) { const user = await authenticate(email, password) if (!user) return { error: 'Invalid credentials' }

const access = await signAccess({ sub: user.id, role: user.role }) const refresh = await signRefresh({ sub: user.id })

const cookieStore = await cookies() cookieStore.set('access', access, { httpOnly: true, secure: true, sameSite: 'lax', path: '/', maxAge: 60 * 15, }) cookieStore.set('refresh', refresh, { httpOnly: true, secure: true, sameSite: 'lax', path: '/api/refresh', maxAge: 60 60 24 * 7, }) return { ok: true } } ```

Middleware-Based Protection

typescript

// middleware.ts
import { NextResponse, type NextRequest } from 'next/server'
import { verifyAccess } from '@/lib/auth'

const PUBLIC = ['/', '/login', '/about', '/blog']

export async function middleware(req: NextRequest) { const { pathname } = req.nextUrl if (PUBLIC.includes(pathname) || pathname.startsWith('/_next')) return NextResponse.next()

const token = req.cookies.get('access')?.value if (!token) return NextResponse.redirect(new URL('/login', req.url))

try { const payload = await verifyAccess(token) const res = NextResponse.next() res.headers.set('x-user-id', payload.sub) res.headers.set('x-user-role', payload.role) return res } catch { return NextResponse.redirect(new URL('/login', req.url)) } }

export const config = { matcher: ['/((?!api/auth|_next/static|_next/image|favicon.ico).*)'] } ```

Reading User in a Server Component

typescript

import { headers } from 'next/headers'

export default async function DashboardPage() { const h = await headers() const userId = h.get('x-user-id')! const userRole = h.get('x-user-role')! const orders = await db.order.findMany({ where: { userId } }) return } ```

Refresh Flow

typescript

// app/api/refresh/route.ts
export async function POST(req: Request) {
  const refresh = req.headers.get('cookie')?.match(/refresh=([^;]+)/)?.[1]
  if (!refresh) return new Response('no refresh', { status: 401 })

try { const { payload } = await jwtVerify(refresh, refreshSecret) const user = await db.user.findUnique({ where: { id: payload.sub as string } }) if (!user || user.refreshTokenVersion !== payload.v) throw new Error('revoked')

Revocation: The Refresh Version Pattern

To force-logout a user, increment their refreshTokenVersion in the DB. All refresh attempts fail until they log back in. Access tokens expire naturally in 15 minutes — short-lived by design.

Dilip Singh

Lead Software Architect · Hureka Technologies

14+ years building enterprise software and AI systems. Architecting multi-agent AI platforms, RAG pipelines, voice AI, and high-performance SaaS for global clients.

Hire me →About →

Web Development · 11 min read

Building a Streaming Chat UI with React Server Components

Web Development · 9 min read

Next.js 15 Performance: Server Components, Caching & Core Web Vitals

Web Development · 12 min read

Migrating Drupal 7 to Next.js: A 9-Year-Old CMS Reborn

All posts Work together

Related Posts