Reputation: 1235
I'm trying to implement role-based access control (RBAC) for my API endpoint using Next.js and Drizzle ORM. The API receives an accessToken (JWT) containing a payload with `userId` and `roles`, where roles are an array of strings. Each role is associated with a set of permissions. For example, the endpoint `GET /v1/users` requires the `User.Read.All` permission. Currently, for each request, I fetch all permissions related to the roles from the database, which might increase the database load. Is this how RBAC typically works, or is there a way to avoid fetching all permissions for every request? Also, is this load a significant issue for a PostgreSQL database (using Supabase and Drizzle ORM)?
Upvotes: 0
Views: 104
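One common way to take the per-request permission lookup off the database is to cache the role-to-permission mapping in process memory with a short TTL and an explicit invalidation hook, while still denying on unknown roles and malformed token claims. The following is an added example, not code from the question or from Next.js, Drizzle or Supabase. It assumes a hypothetical `loadPermissions` loader (in a real app this would wrap the Drizzle query that joins roles to permissions; it is synchronous here only to keep the example self-contained) and a constructed role table. The route guard returns the HTTP status an endpoint such as `GET /v1/users` would send.

```typescript
// Added example: cached RBAC permission resolution for a JWT carrying userId + roles.
// Assumptions: a hypothetical loadPermissions(roles) loader stands in for the Drizzle
// query; CONSTRUCTED_ROLE_TABLE is sample data, not a real schema.

type PermissionSet = ReadonlySet<string>;
type Claims = { userId?: unknown; roles?: unknown };
type GuardResult = { status: 200 | 401 | 403; reason: string };

// Constructed sample data standing in for the roles/permissions tables.
const CONSTRUCTED_ROLE_TABLE: Record<string, string[]> = {
  admin: ['User.Read.All', 'User.Write.All'],
  support: ['User.Read.All'],
  viewer: [],
};

// Hypothetical loader: in production this would be the (awaited) Drizzle query.
function constructedLoader(roles: string[]): Map<string, string[]> {
  const out = new Map<string, string[]>();
  for (const r of roles) if (r in CONSTRUCTED_ROLE_TABLE) out.set(r, CONSTRUCTED_ROLE_TABLE[r]);
  return out;
}

function createPermissionResolver(opts: {
  loadPermissions: (roles: string[]) => Map<string, string[]>;
  ttlMs: number;
  now?: () => number; // injectable clock so TTL behaviour is testable
}) {
  const now = opts.now ?? Date.now;
  const cache = new Map<string, { perms: PermissionSet; expiresAt: number }>();
  let loads = 0; // number of trips to the loader (i.e. to the DB)

  function permissionsFor(roles: string[]): PermissionSet {
    const t = now();
    const missing = roles.filter((r) => {
      const e = cache.get(r);
      return !e || e.expiresAt <= t;
    });
    if (missing.length > 0) {
      loads++;
      const fresh = opts.loadPermissions(missing);
      for (const r of missing) {
        // Unknown role -> empty set (deny). Cached too, so it cannot be used to force a DB hit per request.
        cache.set(r, { perms: new Set(fresh.get(r) ?? []), expiresAt: t + opts.ttlMs });
      }
    }
    const union = new Set<string>();
    for (const r of roles) for (const p of cache.get(r)!.perms) union.add(p);
    return union;
  }

  function hasPermission(roles: string[], required: string): boolean {
    return permissionsFor(roles).has(required);
  }

  // Call when an admin edits a role's permissions so the change takes effect before the TTL.
  function invalidate(role?: string): void {
    if (role === undefined) cache.clear();
    else cache.delete(role);
  }

  return { permissionsFor, hasPermission, invalidate, loadCount: () => loads };
}

// Route guard: validates the claim shape (the JWT signature is assumed to be verified upstream)
// and maps the permission check to an HTTP status.
function authorize(
  resolver: ReturnType<typeof createPermissionResolver>,
  claims: Claims | null,
  required: string,
): GuardResult {
  if (!claims || typeof claims.userId !== 'string') return { status: 401, reason: 'missing or invalid subject' };
  const roles = claims.roles;
  if (!Array.isArray(roles) || !roles.every((r) => typeof r === 'string')) {
    return { status: 401, reason: 'roles claim must be an array of strings' };
  }
  if (!resolver.hasPermission(roles, required)) return { status: 403, reason: `missing ${required}` };
  return { status: 200, reason: 'ok' };
}
```

With a TTL of a minute or so, the database sees one role lookup per role per minute per server process instead of one per request; the `invalidate` hook covers the case where a role's permissions are edited and the change must apply immediately. The alternative of embedding the resolved permissions in the JWT at issuance removes the lookup entirely but means a permission change only takes effect when the token is reissued, so the token lifetime then bounds how long a revoked permission stays usable.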