1

I'm implementing an authentication flow which authenticated users are detected when a httpOnly cookie is present (server side).

I'm trying to redirect unauthenticated users on protected pages, so i created a react HOC:

const isBrowser = () => typeof window !== "undefined";

export const withAuth = (WrapperComponent: React.ComponentType) => {
  const Wrapper = (props: any) => {
    const { loading, authenticated } = useAuth();
    const router = useRouter();

    if (!loading && !authenticated && isBrowser()) {
      router.push("/auth/login");
      return null;
    }

    return <WrapperComponent {...props} />;
  };

  return Wrapper;
};

The code works fine in client-side redirects, but what I'm trying to do is redirect users before they reach to client, I tried getInitialProps but seems like it opts out the entire app from automatic static optimization and getServerSideProps are not supported in HOCs, and if i want to use getServerSideProps i have to do it in all protected pages, is there any alternative solution to handle protected pages without having to use getInitialProps or getServerSideProps on every page?

P.s: In case you need to know how the auth cookie works:

The useAuth is a custom context i created which works like this:

  • On Initial load of a page it sends a http request to /api/user/ if this request contains a refresh token cookie the server will check for validity of the token and if it's valid it returns user data and an accessToken which then they are saved using react hooks and based those values the authenticated variable which you see in the example turns true or false
  • Upon absence of accessToken and user data the above step will repeat silently and if refresh token is valid a new accessToken and user is fetched and stored otherwise authenticated will be set to false and user data and accessToken will be empty
Amin
  • 1,637
  • 1
  • 22
  • 40
  • Does this answer your question: [Creating a HOC (higher order component) for cookies in nextJS](https://stackoverflow.com/questions/66081052/creating-a-hoc-higher-order-component-for-cookies-in-nextjs)? – juliomalves Nov 07 '21 at 02:05
  • A more recent alternative to the above would be to use Next.js [Middleware](https://nextjs.org/docs/middleware). – juliomalves Nov 07 '21 at 02:10
  • @juliomalves yes seems like it's the only way, just one question , does that work for statically generated pages (SSG)? – Amin Nov 07 '21 at 10:41
  • the nextjs 12 solution seems nice too, altough i haven't tested the new version yet, i should give it a try – Amin Nov 07 '21 at 10:41
  • If you're using static pages the authentication needs to happen on the client-side. `getStaticProps` runs at build time, and has no access to request-specific information like cookies. – juliomalves Nov 07 '21 at 11:34
  • Thank you for your help, doesn't a page can have both `getStaticProps` and `getServerSideProps`? – Amin Nov 07 '21 at 18:40
  • No, it cannot. A page can either be server-side rendered (`getServerSideProps`) or statically generated (`getStaticProps`), but not both at the same time. If you want to use `getStaticProps`, authentication has to be done on the client-side. – juliomalves Nov 07 '21 at 18:42

0 Answers0