1 reply

Next.js RBAC

Next.js

Hi, I want to do simple RBAC on my routes in nextjs, current strategy involves something like this:

export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};

export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);

  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const pathname = request.nextUrl.pathname;

  const matchedRoute = Object.keys(routeRoleMap)
    .sort((a, b) => b.length - a.length)
    .find((route) => pathname.startsWith(route));

  if (matchedRoute) {
    const requiredRole: UserRole = routeRoleMap[matchedRoute];

    if (!isBetter(session.user.role, requiredRole)) {
      return unauthorized();
    }
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    "/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
  ],
};

export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};

export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);

  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const pathname = request.nextUrl.pathname;

  const matchedRoute = Object.keys(routeRoleMap)
    .sort((a, b) => b.length - a.length)
    .find((route) => pathname.startsWith(route));

  if (matchedRoute) {
    const requiredRole: UserRole = routeRoleMap[matchedRoute];

    if (!isBetter(session.user.role, requiredRole)) {
      return unauthorized();
    }
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    "/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
  ],
};

is this correct pattern? is it too slow because of the

getSession

getSession

invocation?

Next.js RBAC

Next.js

Hi, I want to do simple RBAC on my routes in nextjs, current strategy involves something like this:

export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};

export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);

  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const pathname = request.nextUrl.pathname;

  const matchedRoute = Object.keys(routeRoleMap)
    .sort((a, b) => b.length - a.length)
    .find((route) => pathname.startsWith(route));

  if (matchedRoute) {
    const requiredRole: UserRole = routeRoleMap[matchedRoute];

    if (!isBetter(session.user.role, requiredRole)) {
      return unauthorized();
    }
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    "/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
  ],
};

export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};

export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);

  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const pathname = request.nextUrl.pathname;

  const matchedRoute = Object.keys(routeRoleMap)
    .sort((a, b) => b.length - a.length)
    .find((route) => pathname.startsWith(route));

  if (matchedRoute) {
    const requiredRole: UserRole = routeRoleMap[matchedRoute];

    if (!isBetter(session.user.role, requiredRole)) {
      return unauthorized();
    }
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    "/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
  ],
};

is this correct pattern? is it too slow because of the

getSession

getSession

invocation?

Next.js RBAC

Similar Threads

Next.js RBAC

Similar Threads

Similar Threads

Similar Threads