next-passport
v0.9.0
Published
Downloads
25
Readme
The code is extracted from the blitz-js
repository. All kudos goes to them: https://blitzjs.com
This project is not battle-tested in any way, just use it if you know what you are doing!
This project requires you to work with a Next.js application and use Prisma for Database Access.
Because Blitz uses Anti CSRF Measures, we need to attach a header with the key: anti-csrf
and the value of the sAntiCrfToken
cookie or add DISABLE_CSRF_PROTECTION=true
to your env vars, although that's not recommended.
yarn add next-passport
- Add these lines to your
schema.prisma
model User {
id Int @id @default(autoincrement())
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
name String?
email String @unique
hashedPassword String?
role String @default("user")
sessions Session[]
}
model Session {
id Int @id @default(autoincrement())
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
expiresAt DateTime?
handle String @unique
user User? @relation(fields: [userId], references: [id])
userId Int?
hashedSessionToken String?
antiCSRFToken String?
publicData String?
privateData String?
}
- Create
[...auth].ts
file in yourapi
folder (maybe underapi/auth/
) with the following content:
import { passportAuth } from 'next-passport'
export default passportAuth({
successRedirectUrl: '/',
errorRedirectUrl: '/',
strategies: [
...
],
})
- Use
getSessionContext
in your Serverless Functions
getSessionContext
takes care of creating and getting sessions
Signup Example:
import { NextApiRequest, NextApiResponse } from 'next'
import { getSessionContext, hashPassword } from 'next-passport'
import { PrismaClient } from '@prisma/client'
const prisma = new PrismaClient()
export default async (req: NextApiRequest, res: NextApiResponse) => {
const session = await getSessionContext(prisma, req, res)
if (!req.body.email || !req.body.password) {
return res.status(500).json({ error: 'Not all values provided' })
}
const { email, password } = req.body
const hashedPassword = await hashPassword(password)
const user = await prisma.user.create({
data: {
email: email.toLowerCase(),
hashedPassword,
role: 'user',
},
select: { id: true, email: true, role: true },
})
await session.create({ userId: user.id, roles: [user.role] })
res.json({ user })
}
Login Example:
import { NextApiRequest, NextApiResponse } from 'next'
import { getSessionContext, authenticateUser } from 'next-passport'
import { PrismaClient } from '@prisma/client'
const prisma = new PrismaClient()
export default async (req: NextApiRequest, res: NextApiResponse) => {
const session = await getSessionContext(prisma, req, res)
if (!req.body.email || !req.body.password) {
return res.status(500).json({ error: 'Not all values provided' })
}
const { email, password } = req.body
const user = await authenticateUser(email, password)
await session.create({ userId: user.id, roles: [user.role] })
res.json({ user })
}