Next.js Discord

Best Approach for Access Control in Middleware Based on User Features

Unanswered
Tomistoma posted this in #help-forum
Tomistoma (OP)
I am using Next.js App Router for my front-end. I have an API endpoint that returns an array of features the user has access to, e.g., ['organization', 'assignments', 'grades']. Each feature corresponds to a route like /organization, /assignments, /grades, etc.

I need to configure the middleware to grant or deny access to these routes based on the user's features array.

Question
What's the best way to get the user's features array in the middleware?

Possible Solution
I could call the API endpoint in the middleware, but this would add overhead for each page render.

Any advice or alternative approaches would be greatly appreciated.

6 Replies

Tomistoma (OP)
Just to give more context, authentication is handled with access and refresh tokens that I am storing in cookies. For each API call, the cookies are included in the header.
You can add the feature list array in the session, and if they are allowed to then do it, but if the session is too much then consider using Redis for session management.
Are you using any auth lib?
@muadpn are you using any auth lib ?
Tomistoma (OP)
nope
SessionStorage is a web API; you can store it in cookies, and if you are using JWT you can store it there, but do mind the size of your data.
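
One way to apply the suggestion above of carrying the features in the JWT, so the middleware needs no API call per request. This is an added example, not code from the thread: `ROUTE_FEATURES`, `requiredFeature` and `decide` are hypothetical names, and it assumes the token's signature has already been verified before the claims are used.

```javascript
// Added example; ROUTE_FEATURES, requiredFeature and decide are hypothetical names.
// Assumption: the features array is a claim in the access-token JWT, and the
// middleware has already verified the token's signature before calling decide().

// Route prefix -> feature, following the one-feature-per-route scheme in the question.
const ROUTE_FEATURES = [
  ["/organization", "organization"],
  ["/assignments", "assignments"],
  ["/grades", "grades"],
];

// Feature guarding a pathname, or null when the route is not gated.
// Whole-segment match: "/grades/42" is gated, "/gradesheet" is not.
function requiredFeature(pathname) {
  const path = pathname.replace(/\/+$/, "") || "/"; // ignore trailing slashes
  for (const [prefix, feature] of ROUTE_FEATURES) {
    if (path === prefix || path.startsWith(prefix + "/")) return feature;
  }
  return null;
}

// claims: verified JWT payload ({ exp, features }) or null when there is no valid token.
// Returns "next" (continue), "login" (no usable session) or "forbidden".
function decide(pathname, claims, nowSeconds = Math.floor(Date.now() / 1000)) {
  const feature = requiredFeature(pathname);
  if (feature === null) return "next"; // ungated route
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return "login"; // missing or expired token
  }
  // Fail closed when the claim is absent or malformed (e.g. a string, not an array).
  const features = Array.isArray(claims.features) ? claims.features : [];
  return features.includes(feature) ? "next" : "forbidden";
}

// Constructed sample: a payload as it would look after signature verification.
const sampleClaims = { exp: 2000, features: ["organization", "grades"] };
const samplePaths = ["/grades/42", "/assignments", "/gradesheet", "/organization/"];
function runSamples() {
  return samplePaths.map((p) => decide(p, sampleClaims, 1000));
}
console.log(runSamples());
```

In `middleware.js`, `"next"` would map to `NextResponse.next()` and the other two results to a redirect or an error response. The API endpoints still need to check features themselves, since a claim stays in the token until it is refreshed.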