
Restrict the sign-in and sign-up pages after authentication (NextAuth, Next.js)

I'm trying to keep authenticated users away from the sign-in and sign-up pages in a Next.js app that uses NextAuth, using the middleware below:

import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";

/**
 * Next.js middleware: requests for "/" or "/settings" that carry no NextAuth
 * token are redirected to "/auth/new-user". Every other request, and every
 * request with a token, falls through (resolves to undefined).
 *
 * Paths are compared by exact string equality, so only these two literal
 * pathnames are covered.
 *
 * NOTE(review): this only steers page navigation; API routes and server-side
 * data loading presumably need their own session check — confirm.
 *
 * @param {object} req - Incoming request; `req.nextUrl` is read and cloned.
 * @returns {Promise<*>} The value of `NextResponse.redirect(...)`, or undefined.
 */
export async function middleware(req) {
  const { pathname } = req.nextUrl;
  const needsSession = ["/", "/settings"].includes(pathname);
  if (!needsSession) {
    return undefined;
  }

  const token = await getToken({
    req,
    // NOTE(review): presumably must be the same secret NextAuth signs the
    // JWT with, otherwise no token is recognised — confirm.
    secret: process.env.JWT_SECRET,
    // NOTE(review): tying this to NODE_ENV assumes production is served
    // over HTTPS — confirm against the deployment.
    secureCookie: process.env.NODE_ENV === "production",
  });
  // Any property of the token (a role, a name, ...) could be checked here too.
  if (token) {
    return undefined;
  }

  // Reuse the request URL and swap only the pathname for the sign-up page.
  const signUpUrl = req.nextUrl.clone();
  signUpUrl.pathname = "/auth/new-user";
  return NextResponse.redirect(signUpUrl);
}

It restricts the path '/' when the user is not authenticated, which works great. But after authenticating, the user can still go back and see the sign-in and sign-up pages...

I was thinking of doing something like

    // Sketch of the proposed change: `session` and `url` are the values
    // computed in the middleware above.
    if (!session){
      // No token: send the visitor to the sign-up URL prepared earlier.
      return NextResponse.redirect(url);
    }else{
      // NOTE(review): if this sits inside the "/" / "/settings" branch, a
      // signed-in request for "/" would be redirected to "/" again — confirm
      // the intended placement. A relative string target may also be rejected
      // by newer Next.js middleware; verify against the version in use.
      return NextResponse.redirect('/')
    }

This still doesn't account for the other pages that need to be accounted for after the user is authenticated..


Answers (1)


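Make two separate checks in the middleware: one for the pages that require authentication and one for the sign-in and sign-up pages that should be unreachable after authentication.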

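/**
 * Next.js middleware that gates navigation in both directions:
 *
 * - "/" and "/settings" require a NextAuth token; without one the request is
 *   redirected to "/auth/new-user".
 * - "/auth/new-user" and "/auth/signin" are for signed-out visitors only; with
 *   a token the request is redirected to "/".
 *
 * Any other path, and any request that already satisfies its rule, falls
 * through (resolves to undefined). Paths are matched by exact string equality.
 * The token is looked up once per request, and only for the listed paths.
 *
 * NOTE(review): this only steers page navigation for the exact paths listed;
 * API routes and server-side data loading presumably need their own session
 * check — confirm.
 *
 * @param {object} req - Incoming request; `req.nextUrl` is read and cloned.
 * @returns {Promise<*>} The value of `NextResponse.redirect(...)`, or undefined.
 */
export async function middleware(req) {
  const { pathname } = req.nextUrl;
  const requiresSession = ["/", "/settings"].includes(pathname);
  const guestOnly = ["/auth/new-user", "/auth/signin"].includes(pathname);
  if (!requiresSession && !guestOnly) {
    return undefined;
  }

  const session = await getToken({
    req,
    // NOTE(review): presumably must be the same secret NextAuth signs the
    // JWT with, otherwise no token is recognised — confirm.
    secret: process.env.JWT_SECRET,
    // NOTE(review): tying this to NODE_ENV assumes production is served
    // over HTTPS — confirm against the deployment.
    secureCookie: process.env.NODE_ENV === "production",
  });
  // Any property of the token (a role, a name, ...) could be checked here too.

  let targetPath;
  if (requiresSession && !session) {
    targetPath = "/auth/new-user";
  } else if (guestOnly && session) {
    targetPath = "/";
  } else {
    // Signed-in user on a protected page, or signed-out visitor on an auth
    // page: let the request continue.
    return undefined;
  }

  // Reuse the request URL and swap only the pathname for the redirect target.
  const target = req.nextUrl.clone();
  target.pathname = targetPath;
  return NextResponse.redirect(target);
}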
