How to get which server actions and which server components are being requested in the middleware.
Unanswered
someone posted this in #help-forum
someoneOP
I'm looking to restrict requests to certain server actions and server components based on the user auth. How do i determine which is being requested?
my auth.config.ts file
my auth.config.ts file
export const authConfig = {
adapter: DrizzleAdapter(db, {
usersTable: Users,
accountsTable: Accounts,
sessionsTable: Sessions,
verificationTokensTable: VerificationTokens,
}) as Adapter,
session: {
strategy: 'database',
},
callbacks: {
session({ session, user }) {
session.user.id = user.id
return session
},
authorized: async ({ auth, request}) => {
const url = request.nextUrl;
const isLoggedIn = !!auth?.user
const acceptHeader = request.headers.get('accept')
// Allows all requests for Server Actions and Server Components, I need to restrict some of them.
if (acceptHeader && acceptHeader.includes('text/x-component')) {
return NextResponse.next()
}
return true
},
}
} satisfies NextAuthConfig7 Replies
Asian black bear
You could use a middlware to achieve this
Acacia-ants
You can read it from the request object. Every resource that gets requested via http has an unique address. As Eloho said this can be achieved via middleware since they are the only layer that has access to the request object (at least the only one that I am aware of)
someoneOP
Yeah that's what i was thinking. I just wasn't sure where in the request it was and wanted a few pointers. I posted my middleware above.
Every build the unique address changes... and I dont know of a way to say X address is X function, would also be interested if there is a viable way to make that correlation
@Jboncz Every build the unique address changes... and I dont know of a way to say X address is X function, would also be interested if there is a viable way to make that correlation
someoneOP
Which header would it be in the request object?
next-actionis the header