Two passwords for different access to website? Vercel
Unanswered
eL posted this in #help-forum
eLOP
I have a website deployed with Vercel.
It's very simple, it's a wedding website for guests.
Right now I have one password protecting all the pages.
I was wondering if it's possible (and how), to have two different passwords that give access to different pages in the website. No usernames.
Basically some guests can see page A B and C, and the other will see C, D and E, depending on the password given.
Is it with environment variables?
Appreciate any help! Thx!
It's very simple, it's a wedding website for guests.
Right now I have one password protecting all the pages.
I was wondering if it's possible (and how), to have two different passwords that give access to different pages in the website. No usernames.
Basically some guests can see page A B and C, and the other will see C, D and E, depending on the password given.
Is it with environment variables?
Appreciate any help! Thx!
5 Replies
@eL I have a website deployed with Vercel.
It's very simple, it's a wedding website for guests.
Right now I have one password protecting all the pages.
I was wondering if it's possible (and how), to have two different passwords that give access to different pages in the website. No usernames.
Basically some guests can see page A B and C, and the other will see C, D and E, depending on the password given.
Is it with environment variables?
Appreciate any help! Thx!
you can build default password auth, like you would and depending on which password was used you can give the then "signed in" user specific permissions.
Depending on those permissions, you can allow specific pages, or hide specific page
Depending on those permissions, you can allow specific pages, or hide specific page
@B33fb0n3 you can build default password auth, like you would and depending on which password was used you can give the then "signed in" user specific permissions.
Depending on those permissions, you can allow specific pages, or hide specific page
eLOP
ok, that's good to know. what keywords can i search for to learn this?
is this something that you manage with
is this something that you manage with
middleware.js ? or in the environment variables in vercel? I added a new variable there with the new password, i'm just struggling to find where to change permissions. btw, i'm not a dev, learning all on my own as i build.! Thx!@eL ok, that's good to know. what keywords can i search for to learn this?
is this something that you manage with `middleware.js` ? or in the environment variables in vercel? I added a new variable there with the new password, i'm just struggling to find where to change permissions. btw, i'm not a dev, learning all on my own as i build.! Thx!
You are not a dev, but you want to do auth? That can end Not in a very good way, as you are not experienced with that yet… people may break your auth..
If I would be you, I would use next-auth or better-auth and then use the credentials provider. Like that all the JWT handling will be handled by the library and you don’t need to worry about it.
Inside the credentials provider, check the password against your constant passwords (save a hashed one and the salt in your .env variables). DONT save the plain password. Then, depending on which password was entered, give the user object the desired permissions.
Then you can do on your page „const user = await getServerSession(authOptions)“ and like that you receive the user object. Then just check if he has permissions for the page: „user.permissions.includes(‚view_wedding‘“ and you are done 🙂
If I would be you, I would use next-auth or better-auth and then use the credentials provider. Like that all the JWT handling will be handled by the library and you don’t need to worry about it.
Inside the credentials provider, check the password against your constant passwords (save a hashed one and the salt in your .env variables). DONT save the plain password. Then, depending on which password was entered, give the user object the desired permissions.
Then you can do on your page „const user = await getServerSession(authOptions)“ and like that you receive the user object. Then just check if he has permissions for the page: „user.permissions.includes(‚view_wedding‘“ and you are done 🙂
@B33fb0n3 You are not a dev, but you want to do auth? That can end Not in a very good way, as you are not experienced with that yet… people may break your auth..
If I would be you, I would use next-auth or better-auth and then use the credentials provider. Like that all the JWT handling will be handled by the library and you don’t need to worry about it.
Inside the credentials provider, check the password against your constant passwords (save a hashed one and the salt in your .env variables). DONT save the plain password. Then, depending on which password was entered, give the user object the desired permissions.
Then you can do on your page „const user = await getServerSession(authOptions)“ and like that you receive the user object. Then just check if he has permissions for the page: „user.permissions.includes(‚view_wedding‘“ and you are done 🙂
eLOP
This was very informative, thanks 👍.
I didn't know about better auth and next auth. I will look into those when making a more secure website. This one I'm building doesn't need that much security, just a simple password for obfuscation of wedding details.
Nonetheless, I'll keep those suggestions in mind since I'm enjoying learning all of this.
Once I try the double password auth I'll return here to report how it went!
I didn't know about better auth and next auth. I will look into those when making a more secure website. This one I'm building doesn't need that much security, just a simple password for obfuscation of wedding details.
Nonetheless, I'll keep those suggestions in mind since I'm enjoying learning all of this.
Once I try the double password auth I'll return here to report how it went!
@eL This was very informative, thanks 👍.
I didn't know about better auth and next auth. I will look into those when making a more secure website. This one I'm building doesn't need that much security, just a simple password for obfuscation of wedding details.
Nonetheless, I'll keep those suggestions in mind since I'm enjoying learning all of this.
Once I try the double password auth I'll return here to report how it went!
That sounds like a plan. Please mark solution[:](https://cdn.discordapp.com/attachments/1043615796787683408/1117191182133501962/image.png?ex=6933eb9e&is=69329a1e&hm=49b7ed06c8485cbb91ffb0f5a50d1a8305eec86d213be8e34f8728dae1c01612&)