Authentication on Middleware.
Unanswered
Lilac posted this in #help-forum
LilacOP
I tried nextauth.js (authjs.dev), but didn't really like the way it worked, so I created my own auth library, which I store in
I'll be honest, I'm not completely sure what the edge runtime is, but is there a way I can disable it, and allow my middleware to use my authentication related functions, or is there just no way I can use it.
My
@/auth. It uses JOSE for encrypting JWTs, but this doesn't work on middleware, and gives me this error:Error: The edge runtime does not support Node.js 'crypto' module.I'll be honest, I'm not completely sure what the edge runtime is, but is there a way I can disable it, and allow my middleware to use my authentication related functions, or is there just no way I can use it.
My
middleware.ts file:import { NextRequest } from "next/server";
import { updateSession } from "@/auth";
export async function middleware(request: NextRequest) {
return await updateSession(request);
}12 Replies
@Lilac I tried nextauth.js (authjs.dev), but didn't really like the way it worked, so I created my own auth library, which I store in `@/auth`. It uses JOSE for encrypting JWTs, but this doesn't work on middleware, and gives me this error:
`Error: The edge runtime does not support Node.js 'crypto' module.`
I'll be honest, I'm not completely sure what the edge runtime is, but is there a way I can disable it, and allow my middleware to use my authentication related functions, or is there just no way I can use it.
My `middleware.ts` file:
ts
import { NextRequest } from "next/server";
import { updateSession } from "@/auth";
export async function middleware(request: NextRequest) {
return await updateSession(request);
}
I am also using next-auth and the only way I know on how to access the session in middleware is by doing this:
Maybe that's also a possible solution for you?
const session = await getToken({req: request});Maybe that's also a possible solution for you?
LilacOP
nah, i haven't implemented that right now, but i'm not even sure how I would. this is my code for update session:
export async function updateSession(request: NextRequest) {
const session = request.cookies.get("session")?.value;
if (!session) return;
// Refresh the session so it doesn't expire
const parsed = await decrypt(session);
parsed.expires = new Date(Date.now() + 10 * 1000);
const res = NextResponse.next();
res.cookies.set({
name: "session",
value: await encrypt(parsed),
httpOnly: true,
expires: parsed.expires,
});
return res;
}@Lilac if you want to use auth, using jose, check out this project of mine.
https://github.com/Arinji2/Taskation/blob/master/middleware.ts
But for a like short answer to your question, middleware is meant to be used for very fast operations since they run in every request.
Edge runtime is nextjs/vercel's new runtime which is a subset of the node runtime, its built for speed but lacks in features like the Node.js crypto module, and other such modules.
https://github.com/Arinji2/Taskation/blob/master/middleware.ts
But for a like short answer to your question, middleware is meant to be used for very fast operations since they run in every request.
Edge runtime is nextjs/vercel's new runtime which is a subset of the node runtime, its built for speed but lacks in features like the Node.js crypto module, and other such modules.
What my project does, is only and only verify the token, and thats it, it then routes to the diff pages as needed, so if the user hasnt verified, it routes to verification etc. Anything more intensive is better to do in their own pages.
so is there no way that i can fully get the token
because I wanted to redirect someone away from an admin page
that was my use case
and thats the type of thing you can only see via full decoding it
@Lilac so is there no way that i can fully get the token
what you could do, is make an api route and call it from your middleware
@Arinji <@905406894129160192> if you want to use auth, using jose, check out this project of mine.
https://github.com/Arinji2/Taskation/blob/master/middleware.ts
But for a like short answer to your question, middleware is meant to be used for very fast operations since they run in every request.
Edge runtime is nextjs/vercel's new runtime which is a subset of the node runtime, its built for speed but lacks in features like the Node.js crypto module, and other such modules.
If your self hosting you dont have to worry about the edge related stuff as much, you can just fetch from another route to validate and return the token results. IIRC they are planning on introducing nodejs runtime for middleware eventually, it makes sense when hosted via vercel because of the way distribution works but hosted internally it might as well use the fat runtime.
@Arinji what you could do, is make an api route and call it from your middleware
This is the answer, you fetch from your middleware, if you are deploying via vercel its going to be much slower, if your hosting internally your middleware lives on the same box your endpoint is, so generally speaking the cost is neglible.