Check server side request
Unanswered
Alaska pollock posted this in #help-forum
Alaska pollockOP
Hello,
I would like to know if there is a way to intercept a server request and add some conditions to it. Let me use an example
I have a control on my page.tsx file that disconnects the user under some circumstances. If I use the frontend it works, but if I make the request from postman /dashboard, it doesn't enter in that if and it responds with some data that it shouldn't be able to access because of that condition
Hope you understand the example
Thanks
61 Replies
you must be talking about middleware
@Alaska pollock
use your middleware to intercept request to accept/block depending on your own logic
Alaska pollockOP
i read that handling exceptions inside the middleware is not possible, is it? or is there another way to throw a status 500 in some conditions?
Alaska pollockOP
and also i would have to call a constructor inside the middleware in order to call my db for that control but it won't let me do it because it runs on the Edge i suppose
okay then until middleware is supported on node.js, you will need a different approach
- if you are using app router, you can simply create a util function that checks your condition. use it everywhere (or you can group your routes and call that function in your layout.tsx and return 500 (or whatever you want))
- if you are using page router, you have to call that function inside your getServerSideProps(), getStaticProps()
@Alaska pollock let me know your thoughts
Alaska pollockOP
ok yes, I made an api that checks for that condition and it works if i call it from the middleware, but there is no way to throw an error. Now i will try your approach 🙂
well, you won't be able to throw an error from the middleware
Alaska pollockOP
yep, that's unfortunate
what you can do instead is to modify/add a new property to the req and then check it in your page, or api route to throw a new error
Alaska pollockOP
i remembered that i tried adding the condition to my layout page but i saw that when you call the api from postman for example, it doesn't go through that file
do you think i was doing something wrong?
I didn't understand this - can you clarify in more detail?
hitting your api won't trigger page visit if it's what you meant
Alaska pollockOP
yes exactly
you said here i could add the check in my layout page but that won't work
or am i misunderstanding the approach
why won't it work?
Alaska pollockOP
cause the call made from postman for example wont trigger the page visit
only from the browser
well, I think you are confused a bit
let's say you have a page /dashboard, right?
Alaska pollockOP
yes
then you have a check in layout.tsx, right?
Alaska pollockOP
i put it in the page.tsx but should be the same
yeah, it's the same
then what's the trouble you have?
if you hit /dashboard using your postman
Alaska pollockOP
when im using it from the browser i am seeing that it makes a POST that calls my api
if i take that post and put it in postman, i am able to retrieve the data
ofc, it's because your api is public
next.js api routes are public by default
and also to give you a correction, you don't need to hit your own api in next.js
Alaska pollockOP
let me tell you the main problem so you can understand it better
the problem is that the app works fine while you're logged in. When you logout, your token gets hashed and put inside a db to track the login sessions
if i logout from the app, i can still use that token from postman even though its inside the "forbidden table "
its a bug from my company, i am not even used to nextjs ahaha. Trying to understand how the flow works
so even after they log out, those tokens are valid? is it a bug or reasonable thing?
if it's reasonable thing, you have to add second check if that token is inside forbidden table
if it's a bug, obviously you need to fix it
Alaska pollockOP
yes that's my problem, i am adding the check that looks for that token inside the db. But i don't understand where to put it so when i call my api from postman, it triggers that condition and throws error
yeah so it should be inside your api
you should have authentication in your api, right?
Alaska pollockOP
yes they are using nextauth
okay then you may need another
btw, by api did you mean your api routes inside next.js?
Alaska pollockOP
yes
well, then I would say you don't need to hit your api route from your server component
it's a bad practice
Alaska pollockOP
so they made the app in a wrong way? 😄
yeah it's sort of general mistake they make
one sec, will find a blog link for you
Alaska pollockOP
wait i think i am wrong about this. It doesn't call the api route directly, they are using a cms called Directus and calling the apis to this cms
anyway, you should call your CMS directly inside your server components
as server components are rendered on your server, it's like a network trip from your server to your server
you meant component -> api -> CMS, right?
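
Added example, not part of the thread and not the poster's code: a sketch of the point made above that the "forbidden table" lookup has to run inside the server-side code that returns the data, so a token replayed from Postman after logout is rejected as well. The names `RevokedTokens`, `requireLiveToken` and `dashboardHandler`, the SHA-256 hashing and the Bearer header format are assumptions; the in-memory set stands in for the database table.

```typescript
import { createHash } from "node:crypto";

// Assumption: logged-out tokens are stored as SHA-256 hex digests.
export function hashToken(token: string): string {
  return createHash("sha256").update(token, "utf8").digest("hex");
}

// In-memory stand-in for the "forbidden table"; a real lookup is an async DB query.
export class RevokedTokens {
  private hashes = new Set<string>();
  revoke(token: string): void { this.hashes.add(hashToken(token)); }
  has(token: string): boolean { return this.hashes.has(hashToken(token)); }
}

export type Result = { status: number; body: unknown };

// Hypothetical guard: every route or server function that returns data calls it first.
// Returns the token if it is well-formed and not revoked, otherwise null.
export function requireLiveToken(
  authHeader: string | undefined,
  revoked: RevokedTokens,
): string | null {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(authHeader ?? "");
  if (!m) return null; // missing or malformed header
  const token = m[1];
  // Signature and expiry verification (NextAuth or the CMS) would run here; omitted.
  return revoked.has(token) ? null : token;
}

// The check lives with the data access, not in page.tsx, so it runs for every
// client: browser, Postman, or a script.
export function dashboardHandler(
  authHeader: string | undefined,
  revoked: RevokedTokens,
): Result {
  if (requireLiveToken(authHeader, revoked) === null) {
    return { status: 401, body: { error: "unauthorized" } };
  }
  return { status: 200, body: { widgets: ["constructed sample data"] } };
}

// Constructed scenario: same token before logout, after logout, and no token.
export function demo(): number[] {
  const revoked = new RevokedTokens();
  const header = "Bearer constructed.sample.token";
  const before = dashboardHandler(header, revoked).status;
  revoked.revoke("constructed.sample.token"); // what logout does
  const after = dashboardHandler(header, revoked).status;
  return [before, after, dashboardHandler(undefined, revoked).status];
}
```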