@aflabs/afauth v0.0.8

AFauth package

This library is intended to be uses as internal library in AFLabs. We use next.js on the frontend and DRF on the backend. Whit this library we can easily manage user session in next.js. For now it only supports access token. It specifically works with our backend setup.

To use it in next.js first install:

yarn add @aflabs/afauth axios cookie @types/cookie jwt-decode

Then create new directory in pages/api called [afAuth] and add (example configuration):

export const afAuthOptions: IAfOptions = {
  logInPage: "/login",
  redirectToPage: "/",
  apiBaseUrl: "/backend-api",
  loginApiUrl: `${process.env.BACKEND_URL}/api/auth/token/login`,
  tokenValidityUrl: `${process.env.BACKEND_URL}/api/auth/token/verify`,
  refreshTokenApiUrl: "/auth/token-refresh",
  protectedPages: [],
  expFromJwt: true,
  accessTokenExpiryTime: 60 * 60 * 24,
  refreshTokenExpiryTime: 60 * 60 * 24 * 2,
};

export default AfAuth(afAuthOptions);

Here we define afAuthOptions and export function AfAuth.

To protect pages and to add access token to header when requesting our backed, we use next.js middleware. We create middleware.ts and add (example configuration):

export async function middleware(request: NextRequest, event: NextFetchEvent) {
  // access only cookie
  return await accessTokenOnly(request);
}

//TODO add protected pages in matcher
export const config = {
  matcher: ["/backend-api/:path*", "/login", "/account", "/apps"],
  // workouround to get it working
  unstable_includeFiles: [
    "node_modules/next/dist/compiled/@edge-runtime/primitives/**/*.+(js|json)",
  ],
};

In matcher array we add pages or backend that we want to protect.