Where to do authentication?
Unanswered
Black Norwegian Elkhound posted this in #help-forum
Black Norwegian ElkhoundOP
I heard about the Next.js middleware exploit. So like, should I do basic authentication and redirect in middleware, and then in every single server component should I do authentication, or what?
5 Replies
@Black Norwegian Elkhound I heard about the Next.js middleware exploit. So like, should I do basic authentication and redirect in middleware, and then in every single server component should I do authentication, or what?
You should check for the user's permission on every page and also when the user does any action like create, update or delete.
Polar bear
Yeah. Storing the authentication or token and retrieving it on every page load may work.
Roseate Spoonbill
To clarify a bit - you can still use middleware for some early redirects, e.g. if the user doesn't have a session cookie, or if the request is missing a certain header. That's what middleware in Next.js is mainly for. However, it shouldn't be the main point of auth checks. Those should still be done in Pages and Server actions as mentioned by @Yi Lon Ma
There might be a point when we get true middlewares in Next, and then we'll be able to use them for more advanced logic, but as it stands, the current implementation is best used only for simple checks that end up with a redirect/rewrite (missing cookie check, rewrite to translated page, and so on)
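A sketch of the layering described in the replies above, added as an example and not code from any poster or from Next.js. It is plain JavaScript that models a request with ordinary objects; `middlewareDecision`, `requireUser`, `deletePostAction`, the `sid` cookie name and the in-memory stores are all assumptions made for illustration.

```javascript
// Constructed sample data: a server-side session store and a posts table.
const sessions = new Map([
  ["s-alice", { userId: "alice", role: "user", expires: Date.now() + 3600000 }],
  ["s-admin", { userId: "root", role: "admin", expires: Date.now() + 3600000 }],
  ["s-old", { userId: "bob", role: "user", expires: Date.now() - 1000 }],
]);
const posts = new Map([["p1", { ownerId: "alice" }], ["p2", { ownerId: "bob" }]]);

// Layer 1 (middleware role): cheap presence check, used only for early redirects.
// It never validates the cookie value, so it must not be the only gate.
function middlewareDecision(req) {
  const isProtected = req.path.startsWith("/dashboard");
  if (isProtected && !req.cookies.sid) return { redirect: "/login" };
  return { next: true };
}

// Layer 2 (page / server action role): authoritative check against the store.
function requireUser(cookies) {
  const session = sessions.get(cookies.sid ?? "");
  if (!session || session.expires <= Date.now()) {
    throw new Error("UNAUTHENTICATED");
  }
  return session;
}

// A mutating action re-checks identity and permission itself, so it stays
// protected even when a request reaches it without passing through middleware.
function deletePostAction(cookies, postId) {
  const user = requireUser(cookies);
  const post = posts.get(postId);
  if (!post) throw new Error("NOT_FOUND");
  if (post.ownerId !== user.userId && user.role !== "admin") {
    throw new Error("FORBIDDEN");
  }
  posts.delete(postId);
  return { deleted: postId };
}

// Demonstration helper: returns the action's result or its error code.
function attempt(fn) {
  try { return fn(); } catch (e) { return e.message; }
}
```

In a real Next.js app the first function corresponds to the middleware file and the other two to code called from pages and server actions; the point is that the second layer gives the same answer whether or not the first one ran.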
Black Norwegian ElkhoundOP
thanks!