auth nextauth nextjs 后限制登录和注册页面
restrict sign and signup page after auth nextauth nextjs
我试图通过给定的中间件在 nextauth nextjs 中限制登录和注册页面:
import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";
export async function middleware(req) {
const url = req.nextUrl.clone();
url.pathname = "/auth/new-user";
if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/settings") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (!session) return NextResponse.redirect(url);
// If user is authenticated, continue.
}
}
如果用户未通过身份验证,它会限制路径“/”,效果很好。但在授权之后,用户可以返回并查看登录和注册页面...
我正在考虑做类似
的事情
if (!session){
return NextResponse.redirect(url);
}else{
return NextResponse.redirect('/')
}
这还没有考虑用户认证后需要考虑的其他页面..
restrict make 2个不同的部分来区分auth和after auth
export async function middleware(req) {
const auth = req.nextUrl.clone();
auth.pathname = "/auth/new-user";
const afterAuth = req.nextUrl.clone();
afterAuth.pathname = "/";
if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/settings") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (!session) return NextResponse.redirect(auth);
// If user is authenticated, continue.
}
if (req.nextUrl.pathname === "/auth/new-user" || req.nextUrl.pathname === "/auth/signin") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (session) return NextResponse.redirect(afterAuth);
// If user is authenticated, continue.
}
}
我试图通过给定的中间件在 nextauth nextjs 中限制登录和注册页面:
import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";
export async function middleware(req) {
const url = req.nextUrl.clone();
url.pathname = "/auth/new-user";
if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/settings") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (!session) return NextResponse.redirect(url);
// If user is authenticated, continue.
}
}
如果用户未通过身份验证,它会限制路径“/”,效果很好。但在授权之后,用户可以返回并查看登录和注册页面...
我正在考虑做类似
的事情 if (!session){
return NextResponse.redirect(url);
}else{
return NextResponse.redirect('/')
}
这还没有考虑用户认证后需要考虑的其他页面..
restrict make 2个不同的部分来区分auth和after auth
export async function middleware(req) {
const auth = req.nextUrl.clone();
auth.pathname = "/auth/new-user";
const afterAuth = req.nextUrl.clone();
afterAuth.pathname = "/";
if (req.nextUrl.pathname === "/" || req.nextUrl.pathname === "/settings") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (!session) return NextResponse.redirect(auth);
// If user is authenticated, continue.
}
if (req.nextUrl.pathname === "/auth/new-user" || req.nextUrl.pathname === "/auth/signin") {
const session = await getToken({
req,
secret: process.env.JWT_SECRET,
secureCookie: process.env.NODE_ENV === "production",
});
// You could also check for any property on the session object,
// like role === "admin" or name === "John Doe", etc.
if (session) return NextResponse.redirect(afterAuth);
// If user is authenticated, continue.
}
}