hantoren
Reputation: 1235
How to handle authorization with Next.js 13
Initial situation: I have two server-side cookies (httponly) named accessToken and refreshToken. The payload looks like this:
{
"user":{
"firstname":"John",
"lastname":"Doe",
"roles":[
"accounting",
"supporter"
]
}
}
Goal: Handle server-side authorization with Next.js 13 (app folder-based). Some routes should be protected and only accessible to some users with specific roles.
Example:
- GET /login should be accessible to everyone
- GET /dashboard for authorized users only
- GET /accounting only for users with the accounting role
- GET /admin only for users with the role admin
Upvotes: 2
Views: 1131
Answers (1)
Yilmaz
Reputation: 49351
you could write a middleware. in next13 middleware file is in the same directory as package.json and it should be middleware.js (or .ts).
export async function middleware(req: NextRequest, res: NextResponse) {
// get all the cookies
let cookies = req.cookies.getAll();
// read those cookies. based on cookies you decide which paths can be visited
const isAuthorized="define logic if the the user authorized"
console.log("req.pathname", req.nextUrl.pathname);
const currentPath = req.nextUrl.pathname;
if (currentPath==="/dashboard" && isAuthorized ){
// you allow the user to visit this page
return NextResponse.next()
}
// similarly add logic for other cases
}
Upvotes: 1
Related Questions
- Next-Auth signIn with Credentials is not working in NextJS
- How to implement credentials authorization in Next.js with next-auth?
- Next Auth with external Node.js API
- Next auth v4 with Next.js middleware
- Nextjs authentication
- Next auth credentials
- How can i get next-auth session in nextjs 12 middlware
- Next.js JWT authentication
- NextJs protected API with Next Auth
- Next JS API calls with auth0