@aflabs/afauth
v0.1.1
Published
This library is intended to be uses as internal library for next.js authentication on the frontend and DRF on the backend. For now it only supports access tokens. It specifically works with our backend setup.
Downloads
79
Readme
AFauth package
This library is intended to be uses as internal library in AFLabs. We use next.js on the frontend and DRF on the backend. Whit this library we can easily manage user session in next.js. For now it only supports access token. It specifically works with our backend setup.
To use it in next.js first install:
yarn add @aflabs/afauth axios cookie @types/cookie jwt-decode
Then create new directory in pages/api
called afAuth
and in it add file [...afAuth].ts
(example configuration):
export const afAuthOptions: IAfOptions = {
logInPage: "/login",
redirectToPage: "/",
apiBaseUrl: "/backend-api",
loginApiUrl: `${process.env.BACKEND_URL}/api/auth/token/login`,
tokenValidityUrl: `${process.env.BACKEND_URL}/api/auth/token/verify`,
refreshTokenApiUrl: "/auth/token-refresh",
protectedPages: [],
expFromJwt: true,
accessTokenExpiryTime: 60 * 60 * 24,
refreshTokenExpiryTime: 60 * 60 * 24 * 2,
cookieSameSiteAttribute: "lax"
};
export default AfAuth(afAuthOptions);
Here we define afAuthOptions and export function AfAuth
.
To protect pages and to add access token to header when requesting our backed, we use next.js middleware. We create middleware.ts
and add (example configuration):
export async function middleware(request: NextRequest, event: NextFetchEvent) {
// access only cookie
return await accessTokenOnly(request);
}
//TODO add protected pages in matcher
export const config = {
matcher: ["/backend-api/:path*", "/login", "/account", "/apps"],
// workouround to get it working
unstable_includeFiles: [
"node_modules/next/dist/compiled/@edge-runtime/primitives/**/*.+(js|json)",
],
};
In matcher array we add pages or backend that we want to protect.