Next.js RBAC
Hi, I want to do simple RBAC on my routes in Next.js. My current strategy involves something like the code below.
Is this the correct pattern? Is it too slow because of the `getSession` invocation?
// Role required per path prefix. `proxy` picks the longest key that the
// request path starts with, so "/dashboard/settings" wins over "/dashboard".
// A path that starts with none of these keys carries no role requirement.
export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};
/**
 * Coarse route gate: requires a session, then enforces the role attached to
 * the longest `routeRoleMap` prefix that the request path starts with.
 *
 * Behaviour as written:
 * - No session: redirect to "/application".
 * - Path under a mapped prefix: `isBetter(session.user.role, requiredRole)`
 *   must be truthy, otherwise `unauthorized()` is returned.
 * - Path under no mapped prefix: allowed for every signed-in user. This is a
 *   fail-open default; a deny-by-default fallback is the safer shape for RBAC.
 *
 * Review notes:
 * - Treat this as a first gate only. Pages, route handlers and server actions
 *   that read or change data should repeat the role check themselves, and
 *   anything the matcher excludes never reaches this function.
 * - `startsWith` has no segment boundary, so "/dashboard/settings-x" is
 *   treated as being under "/dashboard/settings" (this errs on the strict side).
 * - `isBetter` is defined elsewhere; presumably it means "role is at least
 *   requiredRole". Confirm it returns false for a missing or unknown role.
 * - Cost: the per-request sort over three keys is negligible (it can be
 *   precomputed once). The price of `auth.api.getSession` depends on how it
 *   resolves the session, which is not shown here; if it does a database or
 *   network lookup, that lookup happens on every matched request.
 */
export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);
  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const { pathname } = request.nextUrl;

  // Longest prefix first, so the most specific rule is the one that applies.
  const prefixesLongestFirst = Object.keys(routeRoleMap).sort(
    (left, right) => right.length - left.length,
  );
  const matchedRoute = prefixesLongestFirst.find((prefix) =>
    pathname.startsWith(prefix),
  );

  // No rule for this path: any authenticated user passes.
  if (!matchedRoute) {
    return NextResponse.next();
  }

  const requiredRole: UserRole = routeRoleMap[matchedRoute];
  return isBetter(session.user.role, requiredRole)
    ? NextResponse.next()
    : unauthorized();
}
// Paths the proxy runs on. The negative lookahead skips every path whose
// first characters after "/" are api, my-application, application, login,
// _next/static or _next/image, and every path that ends in .png or .svg.
// - Skipped paths get no session or role check from the proxy, so /api
//   handlers have to authenticate and authorize on their own.
// - The alternatives have no trailing "/" or end anchor: a later page such as
//   "/login-audit" or "/applications" (constructed examples) is skipped too.
// - The .png/.svg rule also applies under /dashboard.
//   NOTE(review): confirm no dynamic or catch-all segment can serve a page
//   for a path with one of those suffixes.
export const config = {
  matcher: [
    "/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
  ],
};

// Repeated copy of the listing above, as rendered on the page.
// Role required per path prefix; the longest matching key applies, and a path
// that starts with none of these keys carries no role requirement.
export const routeRoleMap: Record<string, UserRole> = {
  "/dashboard": "user",
  "/dashboard/settings": "admin",
  "/dashboard/form": "admin",
};
/**
 * Coarse route gate: requires a session, then enforces the role attached to
 * the longest `routeRoleMap` prefix that the request path starts with.
 *
 * Behaviour as written:
 * - No session: redirect to "/application".
 * - Path under a mapped prefix: `isBetter(session.user.role, requiredRole)`
 *   must be truthy, otherwise `unauthorized()` is returned.
 * - Path under no mapped prefix: allowed for every signed-in user. This is a
 *   fail-open default; a deny-by-default fallback is the safer shape for RBAC.
 *
 * Review notes:
 * - Treat this as a first gate only. Pages, route handlers and server actions
 *   that read or change data should repeat the role check themselves, and
 *   anything the matcher excludes never reaches this function.
 * - `startsWith` has no segment boundary, so "/dashboard/settings-x" is
 *   treated as being under "/dashboard/settings" (this errs on the strict side).
 * - `isBetter` is defined elsewhere; presumably it means "role is at least
 *   requiredRole". Confirm it returns false for a missing or unknown role.
 * - Cost: the per-request sort over three keys is negligible (it can be
 *   precomputed once). The price of `auth.api.getSession` depends on how it
 *   resolves the session, which is not shown here; if it does a database or
 *   network lookup, that lookup happens on every matched request.
 */
export async function proxy(request: NextRequest) {
  const session = await auth.api.getSession(request);
  if (!session) {
    return NextResponse.redirect(new URL("/application", request.url));
  }

  const { pathname } = request.nextUrl;

  // Longest prefix first, so the most specific rule is the one that applies.
  const prefixesLongestFirst = Object.keys(routeRoleMap).sort(
    (left, right) => right.length - left.length,
  );
  const matchedRoute = prefixesLongestFirst.find((prefix) =>
    pathname.startsWith(prefix),
  );

  // No rule for this path: any authenticated user passes.
  if (!matchedRoute) {
    return NextResponse.next();
  }

  const requiredRole: UserRole = routeRoleMap[matchedRoute];
  return isBetter(session.user.role, requiredRole)
    ? NextResponse.next()
    : unauthorized();
}
export const config = {
matcher: [
"/((?!api|my-application|application|login|_next/static|_next/image|.*\\.(?:png|svg)$).*)",
],
};
Is this the correct pattern? Is it too slow because of the `getSession` invocation?