palicz
Better Auth
Created by palicz on 3/1/2025 in #help
Route based access control
Oh, I got it my bad
5 replies
Better Auth
Created by palicz on 3/1/2025 in #help
Route based access control
Thanks! But this is not exactly what I meant, I want to create protected routes, like the '/dashboard' should only be accessible for logged in users, and '/admin' should only be accessible for admin role users.
5 replies
Better Auth
Created by palicz on 2/21/2025 in #help
ngrok for webhooks
Alright, but I'm running ngrok with concurrently, so I would like to be able to use localhost:3000 and the ngrok url as well.
4 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
I barely found anything in the docs about how to structure an optimal middleware.
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
Could I contact you in private for not so better-auth connected questions about NextJS?
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
Understandable, great to know!
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
But does the cookie method have any disadvantages?
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
If I find issues with performance for these routes, I will implement what you advised
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
I don't find performance issues just yet but I want to implement metrics somehow to actually see if the performance of the page.
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
Because performance is what I need mostly
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
So that's why I wanted to know if there's a better way of implementing this
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
I'm doing my Uni thesis, and that's what I need it for, but I need my app to be insanely fast (at least the teacher should think that it is)
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
Later I will have buttons that will have an action, but won't work without sessions. I think I don't need the middleware for that.
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
I think this is all for now
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
Well I'll have the dashboard which is the user's settings page. I'll have the admin routes for admin users, and the sign in page is no longer accessible if the user is logged in.
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
This is my middleware.ts for now. It gets the job done, but I don't know if I did anything that's not supposed to be
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
import { betterFetch } from '@better-fetch/fetch';
import { type NextRequest, NextResponse } from 'next/server';

import type { auth } from '@/lib/auth';

// Define Session type based on auth module's session type
type Session = typeof auth.$Infer.Session;

/**
 * Middleware to protect routes by checking if user is authenticated
 * @param request - The incoming Next.js request object
 * @returns NextResponse with either redirect or next()
 */
export default async function authMiddleware(request: NextRequest) {
  // Fetch the current session by making API call to auth endpoint
  const { data: session } = await betterFetch<Session>(
    '/api/auth/get-session',
    {
      baseURL: request.nextUrl.origin,
      headers: {
        // Get the cookie from the request headers
        cookie: request.headers.get('cookie') || '',
      },
    },
  );

  // If no session exists, redirect to sign-in page
  const isSignInRoute = request.nextUrl.pathname === '/sign-in';
  if (!session && !isSignInRoute) {
    return NextResponse.redirect(new URL('/sign-in', request.url));
  }

  if (session && isSignInRoute) {
    // Redirect signed-in users attempting to access sign-in page
    return NextResponse.redirect(new URL('/', request.url));
  }
  // Check if route requires admin access
  const isAdminRoute = request.nextUrl.pathname.startsWith('/admin');
  if (isAdminRoute && session?.user.role !== 'admin') {
    // Redirect non-admin users attempting to access admin routes
    return NextResponse.redirect(new URL('/', request.url));
  }

  // Otherwise allow request to continue
  return NextResponse.next();
}

// Configure which routes this middleware should run on
export const config = {
  matcher: ['/dashboard', '/admin/:path*', '/sign-in'],
};
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
It completely ruined the terminate session-like stuff
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
The commented part
66 replies
Better Auth
Created by palicz on 1/20/2025 in #help
Protected routes
No description
66 replies