T
Join ServertRPC
❓-help
express-session for tRPC
I am using express-session for all my servers to create session authentication.
Is there something for tRPC that you can recommend, to get session authentication?
Is there something for tRPC that you can recommend, to get session authentication?
does anyone know a repo, that uses cookie authentication where the session-id is stored in a database/redis/memory and where on every request the user is queried and store in the req object?
you can send the auth cookie or similar with the request in the headers
(https://trpc.io/docs/client/setup)
then define a middleware that uses the auth to find a matching session (in your redis etc.)
(https://trpc.io/docs/server/middlewares)
(https://trpc.io/docs/client/setup)
httpBatchLink({
url: 'http://localhost:3000/trpc',
// You can pass any HTTP headers you wish here
async headers() {
return {
authorization: getAuthCookie(),
};
},
}),then define a middleware that uses the auth to find a matching session (in your redis etc.)
(https://trpc.io/docs/server/middlewares)
const hasSession = middleware(async (opts) => {
const { req } = opts;
// get session from redis etc.
const session = await getSessionFromRedis(req.headers);
if (!session) {
throw new TRPCError({ code: 'UNAUTHORIZED' });
}
return opts.next({
ctx: {
user: session.user,
},
});
});@tomheaton
but where do you set the cookie properties?
but where do you set the cookie properties?
the max age, the signature secret, its behavior and so on?
You can use express session as normal with trpc No magic Here. You dont need anything specilal just for trpc. Trpc is based on the req/res from express so you have access to the req.session within trpc routes.
this is how I setup my session with express-session:
Is there an equivalent for next-auth?
app.use(
session({
name: "COOKIE_ID",
store: new RedisStore({
client: redis,
disableTouch: true,
}),
cookie: {
maxAge: 1000 * 60 * 60 * 24, // 1 day
httpOnly: true,
sameSite: "lax", // reLAXed CSRF - Cross Site Request Forgery
secure: true, // cookie only works in https
domain: ".myapp.com", // cookie only works if request comes from this domain
},
saveUninitialized: false, // not every session will be stored, only modified once
secret: "very complicated string", // this string is used to sign the cookie and protect it from modifications.
resave: false, // will not save the session in store on every request, only if was modified
})
);Is there an equivalent for next-auth?
You need an adapter with next-auth. I see u use redis with express. Then either use up-stash adapter for redis or you need to roll out your own adapter for redis. There is custom adapter for redis on next-auth issues or discussions as I was in need for one too. You have to look for it
https://next-auth.js.org/adapters
https://authjs.dev/reference/adapter/upstash-redis
https://authjs.dev/guides/adapters/using-a-database-adapter
https://authjs.dev/concepts/faq#databases
https://authjs.dev/reference/adapters
https://next-auth.js.org/adapters
https://authjs.dev/reference/adapter/upstash-redis
https://authjs.dev/guides/adapters/using-a-database-adapter
https://authjs.dev/concepts/faq#databases
https://authjs.dev/reference/adapters
vercel just announced
vercel-kv 🙌