0.0.8 • Published 11 months ago
@aflabs/afauth v0.0.8
AFauth package
This library is intended to be uses as internal library in AFLabs. We use next.js on the frontend and DRF on the backend. Whit this library we can easily manage user session in next.js. For now it only supports access token. It specifically works with our backend setup.
To use it in next.js first install:
yarn add @aflabs/afauth axios cookie @types/cookie jwt-decode
Then create new directory in pages/api
called [afAuth]
and add (example configuration):
export const afAuthOptions: IAfOptions = {
logInPage: "/login",
redirectToPage: "/",
apiBaseUrl: "/backend-api",
loginApiUrl: `${process.env.BACKEND_URL}/api/auth/token/login`,
tokenValidityUrl: `${process.env.BACKEND_URL}/api/auth/token/verify`,
refreshTokenApiUrl: "/auth/token-refresh",
protectedPages: [],
expFromJwt: true,
accessTokenExpiryTime: 60 * 60 * 24,
refreshTokenExpiryTime: 60 * 60 * 24 * 2,
};
export default AfAuth(afAuthOptions);
Here we define afAuthOptions and export function AfAuth
.
To protect pages and to add access token to header when requesting our backed, we use next.js middleware. We create middleware.ts
and add (example configuration):
export async function middleware(request: NextRequest, event: NextFetchEvent) {
// access only cookie
return await accessTokenOnly(request);
}
//TODO add protected pages in matcher
export const config = {
matcher: ["/backend-api/:path*", "/login", "/account", "/apps"],
// workouround to get it working
unstable_includeFiles: [
"node_modules/next/dist/compiled/@edge-runtime/primitives/**/*.+(js|json)",
],
};
In matcher array we add pages or backend that we want to protect.