next-auth
Im working on auth in this next app using next auth with google and credentials providers, and custom sign in and register page .
I definitely don't knw if I'm doing it in the right safest way to prevent my data from attackers.
I made only the route redirect u to the login page when u're not logged in i'll do the same for the rest of the pages later except blogs, home, sign in routes
Also the dashboard route will be protected route with user based auth
For now i wanna knw if my method is correct or not and what the things that i missed or did wrong. This is the github repo pls feel free to check it out : https://github.com/CLOG9/PuzChess/tree/main
For now i wanna knw if my method is correct or not and what the things that i missed or did wrong. This is the github repo pls feel free to check it out : https://github.com/CLOG9/PuzChess/tree/main
GitHub
GitHub - CLOG9/PuzChess: a new chess puzzles platform made with nex...
a new chess puzzles platform made with next js. Contribute to CLOG9/PuzChess development by creating an account on GitHub.
261 Replies
@smolcheeld
you on app dir or pages dir ?
App
Check the repo
u can write a middleware to do it as well. this way isnt too bad tho
i have done this way personally a few times as well in the form of making a HOC that redirects to other pages
this is the better way to do it tho. google around for some examples for this
I saw how to make middleware
Just two lines of code and u did it
yea do that then, its a safer option than HOC
Really?
yes
I thought the HOC is safer
btw u will still have to check if user is auth to make typescript happy for either way
Wdym
next auths useSession hook that returns data
it wont know if ur middleware has checked for it or not i believe
so ts will show data returned by useSession as session | null
Aaaah okay i got it
So i don't need getServerSession?
For the admin panel
yea its not needed
thats one of the advantages of middleware, u dont need to make HOCs for diff scenarios
Or just i have to make special key in the .env file for the admin user?
Yeh i'll use middleware then