(ssg) with auth role based routing
Answered
Giant panda posted this in #help-forum
Giant pandaOP
how to serve static site (ssg) with auth role based routing/rendering in nextjs app router.
probably without using middleware as server actions are not working in middleware.
probably without using middleware as server actions are not working in middleware.
Answered by B33fb0n3
You linked to the docs from the pages router. I assume you are using the app router, right?
For the app router the docs saying that you should protect it via middleware
For the app router the docs saying that you should protect it via middleware
8 Replies
@Giant panda how to serve static site (ssg) with auth role based routing/rendering in nextjs app router.
probably without using middleware as server actions are not working in middleware.
you can't, as your auth normally relies on cookies and cookies will make your page dynamic. So you need something "in front" of it. And there is only one thing, that you already have in mind: the middleware.
You can use server actions inside your middleware, as both are on the server and then the server action will be just a normal function and normal functions can run inside the middleware (on edge)
Else you can build a route handler that checks the auth in front of your page, that will be called through the middleware
You can use server actions inside your middleware, as both are on the server and then the server action will be just a normal function and normal functions can run inside the middleware (on edge)
Else you can build a route handler that checks the auth in front of your page, that will be called through the middleware
Giant pandaOP
however the docs suggest not to only rely on the middleware and suggest creating a DAL if we do auth checks in the data access and components then also the ssg is gone everything becomes dynamic.
https://nextjs.org/docs/pages/building-your-application/authentication#:~:text=While%20Middleware%20can%20be%20useful%20for%20initial%20checks%2C%20it%20should%20not%20be%20your%20only%20line%20of%20defense%20in%20protecting%20your%20data.%20The%20majority%20of%20security%20checks%20should%20be%20performed%20as%20close%20as%20possible%20to%20your%20data%20source%2C%20see%20Data%20Access%20Layer%20for%20more%20information.
https://nextjs.org/docs/pages/building-your-application/authentication#:~:text=While%20Middleware%20can%20be%20useful%20for%20initial%20checks%2C%20it%20should%20not%20be%20your%20only%20line%20of%20defense%20in%20protecting%20your%20data.%20The%20majority%20of%20security%20checks%20should%20be%20performed%20as%20close%20as%20possible%20to%20your%20data%20source%2C%20see%20Data%20Access%20Layer%20for%20more%20information.
i m not able to understand how then ssg work in real world applications. do you have some examples
@Giant panda however the docs suggest not to only rely on the middleware and suggest creating a DAL if we do auth checks in the data access and components then also the ssg is gone everything becomes dynamic.
https://nextjs.org/docs/pages/building-your-application/authentication#:~:text=While%20Middleware%20can%20be%20useful%20for%20initial%20checks%2C%20it%20should%20not%20be%20your%20only%20line%20of%20defense%20in%20protecting%20your%20data.%20The%20majority%20of%20security%20checks%20should%20be%20performed%20as%20close%20as%20possible%20to%20your%20data%20source%2C%20see%20Data%20Access%20Layer%20for%20more%20information.
You linked to the docs from the pages router. I assume you are using the app router, right?
For the app router the docs saying that you should protect it via middleware
For the app router the docs saying that you should protect it via middleware
Answer
Giant pandaOP
i m sorry for the wrong link.
i m using the app router
thanks for the clarification
solved my question
thankyou
just one more question
for conditionally rendering components based on auth
used cached data from orm server actions with unstable_cache and revalidate when needed
is this right ?
i m using the app router
thanks for the clarification
solved my question
thankyou
just one more question
for conditionally rendering components based on auth
used cached data from orm server actions with unstable_cache and revalidate when needed
is this right ?
@Giant panda i m sorry for the wrong link.
i m using the app router
thanks for the clarification
solved my question
thankyou
just one more question
for conditionally rendering components based on auth
used cached data from orm server actions with unstable_cache and revalidate when needed
is this right ?
yea, same here: check the auth inside your middleware (because of your static route) and don't cache it. Else the cached data can be shared with other users and you dont want that
Giant pandaOP
ok, thankyou