Layout to check user email verified state
Answered
MarkMiklos posted this in #help-forum
Is it an acceptable way to check user data, in my case the email verified state from the db, in the layout.tsx file as attached in the screenshot?
Answered by B33fb0n3
If that value is really important for you, then you shouldn't check it in the layout.
Why not? That is described here: https://github.com/eric-burel/securing-rsc-layout-leak
TL;DR
You want to:
- check it in a middleware
- check it in the page
- check it in the data fetching method
5 Replies
Dang thanks, I'll remove it from there.
I have about 10 pages in the admin, what would u suggest, middleware or page?
I do have a middleware that does a db fetch for multi tenancy purpose.
What are the pros and cons?
I would use the middleware. It's easier to maintain and easy to set up. Depending on your software you can easily query your db even with multi tenancy, because you have access to the request object.
Yeah, I was rooting for this way also, thanks, wanted to hear a confirmation 😄
Sure thing
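
Added example, not part of the thread: a framework-free sketch of the email-verified check done at the middleware level and again in the data fetching method, instead of in layout.tsx. All names (Session, SESSIONS, lookupSession, gate, getAdminReport), the /admin prefix, the /login and /verify-email routes and the token values are assumptions made for illustration; the in-memory table stands in for the db query.

```typescript
// Added example. Session, SESSIONS, gate and getAdminReport are hypothetical names.
type Session = { userId: string; emailVerified: boolean };
type Decision = { action: "next" } | { action: "redirect"; location: string };

// Constructed sample data standing in for the db lookup.
const SESSIONS: Record<string, Session> = {
  "tok-verified": { userId: "u1", emailVerified: true },
  "tok-unverified": { userId: "u2", emailVerified: false },
};

// Own-property lookup so tokens such as "constructor" never resolve to a session.
function lookupSession(token: string | undefined): Session | null {
  if (!token) return null;
  const known = Object.prototype.hasOwnProperty.call(SESSIONS, token);
  return known ? SESSIONS[token] : null;
}

const PROTECTED_PREFIX = "/admin";

// Match "/admin" and "/admin/...", but not "/administrator".
function isProtected(pathname: string): boolean {
  return pathname === PROTECTED_PREFIX ||
    pathname.indexOf(PROTECTED_PREFIX + "/") === 0;
}

// Middleware-level check: decided per request, before any layout or page renders.
// In a Next.js middleware.ts this would be called with request.nextUrl.pathname
// and a session cookie value (cookie name is an assumption), then mapped to
// NextResponse.next() or NextResponse.redirect(new URL(location, request.url)).
function gate(pathname: string, token: string | undefined): Decision {
  if (!isProtected(pathname)) return { action: "next" };
  const session = lookupSession(token);
  if (session === null) return { action: "redirect", location: "/login" };
  if (!session.emailVerified) {
    return { action: "redirect", location: "/verify-email" };
  }
  return { action: "next" };
}

// Data-fetching-level check: the function that returns the data re-checks the
// state itself, so it stays protected even if a route is missed by the matcher.
function getAdminReport(token: string | undefined): string[] {
  const session = lookupSession(token);
  if (session === null || !session.emailVerified) {
    throw new Error("forbidden: verified email required");
  }
  return ["report for " + session.userId];
}
```

With about 10 admin pages, the prefix match keeps the rule in one place, and the check inside the data function means a page added later cannot return admin data to an unverified user even if the middleware matcher is not updated.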