need help regarding permissions
Unanswered
Red wood ant posted this in #help-forum
Red wood antOP
Hi,
So I have a problem regarding permissions: I have a lot of permissions, which are 130kb in size, and since the cookie size limit is 4kb and I'm checking in the middleware, what is the best practice to tackle this issue?
21 Replies
not sure how you are storing permissions but how about using bitwise operations to store permissions
Red wood antOP
im using like this ['can_view_dashboard',etc....]
@Red wood ant im using like this ['can_view_dashboard',etc....]
yea checkout bitwise permissions
so instead of storing array of strings, you just store a number and perform bitwise operation to get true or false given the permission
@Yi Lon Ma yea checkout bitwise permissions
Red wood antOP
but it can make us more prone to errors
how
we are using that in production at work along with many other companies like discord
@Yi Lon Ma how
Red wood antOP
if I misplace the number 1, I can grant the user a permission accidentally
uhhh
you don't write numbers yourself lol
gimme a moment
// Define permission constants using bit shifting
const PERMISSION_READ = 1 << 0; // 00000001 (1)
const PERMISSION_WRITE = 1 << 1; // 00000010 (2)
const PERMISSION_EXECUTE = 1 << 2; // 00000100 (4)
const PERMISSION_DELETE = 1 << 3; // 00001000 (8)

// Function to check if a permission is granted
function hasPermission(permissions, permissionToCheck) {
  return (permissions & permissionToCheck) === permissionToCheck;
}

// Function to grant a permission
function grantPermission(permissions, permissionToGrant) {
  return permissions | permissionToGrant;
}

// Function to revoke a permission
function revokePermission(permissions, permissionToRevoke) {
  return permissions & ~permissionToRevoke;
}

// Example usage:
let userPermissions = PERMISSION_READ; // Initial permission: READ only
instead of creating a new variable for each permission, use an object
const permission = {
  read: 1 << 0,
  write: 1 << 1,
  update: 1 << 2,
  delete: 1 << 3
}
then do stuff like
// grantPermission returns the new mask, so assign the result
currentPermissions = grantPermission(currentPermissions, permission.delete)
hasPermission(currentPermissions, permission.delete)
Red wood antOP
This will take much more time because I've already built the backend to return strings, and I don't want to rewrite everything from scratch. Can you suggest something else?
My main problem is that I'm doing all the checking in the middleware, and I used localStorage; I can't access it in the middleware.
Roseate Spoonbill
1. In cookie store only session token (like JWT)
2. Retrieve permissions when rendering page and act accordingly (so don't store them in cookies at all)
3. Use middleware for simple checks (e.g. session cookie missing -> redirect to login), but don't make it the only place where the check happens, because middleware can be omitted when making requests.
Red wood antOP
@Roseate Spoonbill where should I check for roles if my roles are too big to be stored in cookies?
Roseate Spoonbill
on the page itself, and/or when accessing protected data. You can also pass it down as props
import { cookies } from 'next/headers';
import { notFound } from 'next/navigation';

async function DashboardPage() {
  const cookieStore = await cookies()
  // get() returns the cookie object ({ name, value }) or undefined if it is missing
  const token = cookieStore.get('session-token');
  const user = await getUserFromDB(token); // or whatever custom logic you have to access user info
  const permissions = user.permissions;
  if (!permissions.can_access_dashboard) {
    notFound();
  }
  // Render actual page here
  // ...
}
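An added example, not code from any participant in this thread: the bitmask approach suggested earlier, adapted so the backend can keep returning its string permission names. It uses BigInt because JavaScript's `<<` on Numbers is 32-bit, which a large permission set exceeds; the registry contents, the `perm_N` names and all helper names are assumptions made for illustration.

```javascript
// Assumption: the registry is append-only, because a name's index is its bit
// position. Reordering or deleting entries would silently change what a stored mask grants.
const REGISTRY = ['can_view_dashboard', 'can_edit_users', 'can_delete_users'];
// Constructed filler names, only to show a mask wider than 32 bits.
for (let i = REGISTRY.length; i < 40; i++) REGISTRY.push(`perm_${i}`);

const BIT = new Map(REGISTRY.map((name, i) => [name, 1n << BigInt(i)]));

function bitFor(name) {
  const bit = BIT.get(name);
  // Fail closed: an unknown or misspelled name must never map to some bit.
  if (bit === undefined) throw new Error(`unknown permission: ${name}`);
  return bit;
}

// Pack the string array the backend already returns into a single mask.
function pack(names) {
  return names.reduce((mask, name) => mask | bitFor(name), 0n);
}

// Checks are made by name, so nobody types bit values by hand.
function has(mask, name) {
  const bit = bitFor(name);
  return (mask & bit) === bit;
}

// Compact text form: 40 permissions fit in 10 hex characters.
function serialize(mask) {
  return mask.toString(16);
}

function deserialize(hex) {
  if (!/^[0-9a-f]+$/.test(hex)) throw new Error('malformed mask');
  return BigInt('0x' + hex);
}

// Why Number shifts are not enough here: the shift count is taken modulo 32,
// so "bit 32" lands on bit 0 and would grant the first permission.
function numberShiftWraps() {
  return (1 << 32) === 1;
}
```

A packed mask is still authorization data: if it is ever sent to the client it needs integrity protection, and the check that counts remains the server-side one made on the page or at data access.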