bennettdev
bennettdev
Explore posts from servers
TTCTheo's Typesafe Cult
Created by bennettdev on 2/18/2023 in #questions
Presigned URLs (S3 upload): file type verification, image transformation & cleanup/delete
Please let me know if you have any more info on this!
5 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 2/18/2023 in #questions
Presigned URLs (S3 upload): file type verification, image transformation & cleanup/delete
What exactly do you mean with "look at the file contents"? AFAIK you can only check the MIME type by "downloading" the file, which we don't want to do in the serverless function.
5 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 2/18/2023 in #questions
Presigned URLs (S3 upload): file type verification, image transformation & cleanup/delete
@jannis.gg Yes and no, I implemented some workarounds like so: 1. Verify file type When a user uploads a file, I also save the file extension in the DB. So when I fetch the image, I include the extension manually for the path. But I still have no way to verify the file type for the MIME types. 2. Image transformation Not really. Maybe I have to implement some kind of webhook to inform the API about a completed upload that itself triggers a GitHub action or so. I think Uploadthing's "onUploadComplete" does something similar. But I haven't found time to do so. 3. Cleanup old images I now actually save the images in specific S3 folders. The path is the image ID I also save in the DB (e.g. /avatars/user123/my-image.png). So when a user updates his avatar, I first use the AWS SDK to delete the whole folder (here: /avatars/user123/), that way I don't have to remember old/other folder paths. This implicitly means that there can only be ONE image per user.
5 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 4/8/2023 in #questions
How to disable site/deployment/auth temporarily? (Vercel)
Thanks, @Tomsize ! I don't want to have this middleware slow down every request, but it made me realize I can just keep this file in my app and comment it out completely and then uncomment the file as soon as I need it. I also chose a slightly different implementation that does not rely on the env vars/edge config:
import type { NextRequest } from 'next/server'
import { NextResponse } from 'next/server'

const maintenancePath = '/maintenance'

export function middleware(request: NextRequest) {
// allowed paths, even in maintenance mode
if (
request.nextUrl.pathname.startsWith(maintenancePath) ||
request.nextUrl.pathname.startsWith('/_next/static') ||
request.nextUrl.pathname.startsWith('/favicon.ico')
) {
return NextResponse.next()
}

// all API requests respond with an error
if (request.nextUrl.pathname.startsWith('/api')) {
return NextResponse.error()
}

// all routes will be redirected to maintenance page
return NextResponse.redirect(new URL(maintenancePath, request.url))
}
import type { NextRequest } from 'next/server'
import { NextResponse } from 'next/server'

const maintenancePath = '/maintenance'

export function middleware(request: NextRequest) {
// allowed paths, even in maintenance mode
if (
request.nextUrl.pathname.startsWith(maintenancePath) ||
request.nextUrl.pathname.startsWith('/_next/static') ||
request.nextUrl.pathname.startsWith('/favicon.ico')
) {
return NextResponse.next()
}

// all API requests respond with an error
if (request.nextUrl.pathname.startsWith('/api')) {
return NextResponse.error()
}

// all routes will be redirected to maintenance page
return NextResponse.redirect(new URL(maintenancePath, request.url))
}
5 replies
TTCTheo's Typesafe Cult
Created by T on 1/25/2023 in #questions
Protected routes in Nextjs?
When on the server (like getServerSideProps and in the middleware), you can always use getServerAuthSession, as the session is part of the request. See: https://create.t3.gg/en/usage/next-auth#retrieving-session-server-side
55 replies
TTCTheo's Typesafe Cult
Created by T on 1/25/2023 in #questions
Protected routes in Nextjs?
I can highly recommend using Next.js' middleware instead of redirecting from getServerSideProps. Imagine you will have more pages in the future, but maybe one of them is statically generated or uses ISR (via getStaticProps) - you cannot protect static pages because you don't have a request to check on the server (like in gSSP). Middleware instead runs on the server for EVERY route, no matter if server-side rendered or statically generated. It is therefore "one place to do all". There are some examples for this, just google "middleware authentication" or "middleware protected".
55 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
ah I guess the code in NextAuth.js' Prisma adapter is still not aware of the different field name....
19 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
@Samathingamajig Maybe this can be done with Prisma's @map functionality? Something like:
model User {
userId String @id @default(cuid()) @map("id")
model User {
userId String @id @default(cuid()) @map("id")
19 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
did this before posting here, haven't found anything
19 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
gonna create a feature request at NextAuth.js
19 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
okay, good to know. Still, having a speaking id is more important to me
19 replies
TTCTheo's Typesafe Cult
Created by bennettdev on 12/27/2022 in #questions
Custom field name or rename field in model for NextAuth.js (Prisma adapter)
thanks for your input
19 replies