Server Auth Utility (serverAuth.ts)

The Server Auth utility provides server-side authentication and authorization functions.

Overview

lib/serverAuth.ts implements server-side authentication logic with session management and user validation.

Features

  • Session management
  • User validation
  • Role-based access
  • Token handling
  • Security measures
  • Error handling

API Reference

Core Functions

async function getSession(req: NextApiRequest): Promise<Session>
async function getCurrentUser(req: NextApiRequest): Promise<User>
async function validateToken(token: string): Promise<boolean>
async function checkPermission(user: User, resource: string): Promise<boolean>

Type Definitions

interface Session {
  user: User;
  expires: Date;
  accessToken: string;
}

interface User {
  id: string;
  email: string;
  role: UserRole;
  permissions: string[];
}

type UserRole = 'admin' | 'user' | 'guest';

Usage Examples

Session Management

import type { NextApiRequest } from 'next';
import { getSession, getCurrentUser, checkPermission } from '@/lib/serverAuth'; // import path assumed; adjust to your project layout

// `req` is the incoming NextApiRequest of an API route or getServerSideProps
// Get current session (user, expiry, access token)
const session = await getSession(req);

// Get current user
const user = await getCurrentUser(req);

// Check permissions: the resource is a 'resource:action' string
const canAccess = await checkPermission(user, 'documents:write');

Authorization

import type { NextApiRequest, NextApiResponse } from 'next';
import { getCurrentUser, checkPermission } from '@/lib/serverAuth'; // import path assumed; adjust to your project layout

// Protect an API route: authenticate first, then authorize the specific action
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
    const user = await getCurrentUser(req);
    if (!user) {
      // No valid session: 401 (not authenticated), not 403
      return res.status(401).json({ error: 'Unauthorized' });
    }
    if (!(await checkPermission(user, 'documents:write'))) {
      // Authenticated but not allowed to perform this action
      return res.status(403).json({ error: 'Forbidden' });
    }
    // Handle request
  } catch (error) {
    // Log server-side; return a generic message so no internal detail reaches the client
    console.error(error);
    return res.status(500).json({ error: 'Internal error' });
  }
}
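To make the role and permission model concrete, here is an added reference implementation in the shape of checkPermission(user, resource). It is example code written for this page, not the project's lib/serverAuth.ts, and it assumes details the page leaves open: permissions are 'resource:action' strings (as in 'documents:write'), a '*' segment in a granted permission acts as a wildcard, and the admin role implicitly holds every permission. The User and UserRole types are copied from the Type Definitions section; the sample users are constructed.

```typescript
// Added example: a reference decision function in the shape of this page's
// checkPermission(user, resource). It is NOT the project's lib/serverAuth.ts.
// Assumptions not stated on the page: permissions are "resource:action"
// strings, a "*" segment in a granted permission is a wildcard, and the
// admin role implicitly holds every permission.
type UserRole = 'admin' | 'user' | 'guest';

interface User {
  id: string;
  email: string;
  role: UserRole;
  permissions: string[];
}

// Requested resources must be exactly "resource:action". Wildcards are only
// allowed in grants, never in requests, so a caller cannot ask for "documents:*".
const RESOURCE_RE = /^[a-z0-9_-]+:[a-z0-9_-]+$/i;

// A grant covers a request when every segment matches or the grant segment is "*".
function grantCovers(grant: string, requested: string): boolean {
  const g = grant.split(':');
  const r = requested.split(':');
  return g.length === r.length && g.every((seg, i) => seg === '*' || seg === r[i]);
}

// Deny by default: malformed input or no matching grant yields false.
// Non-admin roles receive only their explicit grants.
export function decidePermission(user: User, resource: string): boolean {
  if (!RESOURCE_RE.test(resource)) return false;
  if (user.role === 'admin') return true;
  return user.permissions.some((grant) => grantCovers(grant, resource));
}

// Async wrapper matching the page's checkPermission signature; a real
// implementation would consult a store here, the decision logic is the same.
export async function checkPermissionExample(user: User, resource: string): Promise<boolean> {
  return decidePermission(user, resource);
}

// Constructed sample users (not real data) for trying the function out.
export const adminUser: User = { id: '1', email: 'admin@example.com', role: 'admin', permissions: [] };
export const editorUser: User = {
  id: '2', email: 'editor@example.com', role: 'user',
  permissions: ['documents:read', 'documents:write'],
};
export const auditorUser: User = { id: '3', email: 'auditor@example.com', role: 'user', permissions: ['*:read'] };
export const guestUser: User = { id: '4', email: 'guest@example.com', role: 'guest', permissions: ['public:read'] };
```

The request-side regex is what keeps the wildcard from being abused: a client that can choose the resource string must never be able to submit a pattern that matches more than one grant.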

Security

  1. Authentication
     • Token validation
     • Session checks
     • Role validation
     • Permission checks
     • Rate limiting

  2. Protection
     • CSRF prevention
     • XSS protection
     • Session fixation prevention (new session ID on login)
     • Cookie security (HttpOnly, Secure, SameSite)
     • Token refresh
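The "Token validation" and "Token expiry" points are easiest to see in code. The following is an added example written for this page, not the project's serverAuth.ts, mirroring the boolean validateToken(token) shape from the API Reference. It assumes a token layout the page does not specify: a base64url JSON payload {sub, exp} followed by a base64url HMAC-SHA256 tag computed with a server-side secret. Two details carry the security value: the tag is compared in constant time and verified before the payload is parsed, and expiry is enforced after the tag check so a client cannot extend a token's lifetime by editing exp.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Added example, not the project's lib/serverAuth.ts. Assumed token layout
// (the page does not specify one):
//   base64url(JSON payload) "." base64url(HMAC-SHA256(secret, payload part))
interface TokenPayload {
  sub: string; // user id
  exp: number; // expiry, Unix seconds
}

function tag(secret: string, signedPart: string): Buffer {
  return createHmac('sha256', secret).update(signedPart).digest();
}

// Issue a token for `sub` that expires after ttlSeconds. `nowSeconds` is
// injectable so behaviour is deterministic in tests.
export function issueToken(
  secret: string,
  sub: string,
  ttlSeconds: number,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): string {
  const payload: TokenPayload = { sub, exp: nowSeconds + ttlSeconds };
  const body = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
  return `${body}.${tag(secret, body).toString('base64url')}`;
}

// Validate a token: structure, then MAC, then payload, then expiry.
// Returns false on any failure (deny by default).
export function validateTokenExample(
  secret: string,
  token: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): boolean {
  const parts = token.split('.');
  if (parts.length !== 2 || parts[0] === '' || parts[1] === '') return false;
  const [body, givenTag] = parts;

  // 1. Verify the MAC before looking at the payload, so attacker-controlled
  //    bytes are never parsed as trusted data. timingSafeEqual throws on
  //    unequal lengths, so compare lengths first.
  const expected = tag(secret, body);
  const given = Buffer.from(givenTag, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return false;

  // 2. Parse the now-authenticated payload defensively.
  let payload: unknown;
  try {
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return false;
  }
  if (typeof payload !== 'object' || payload === null) return false;
  const { sub, exp } = payload as Partial<TokenPayload>;
  if (typeof sub !== 'string' || sub === '' || typeof exp !== 'number' || !Number.isFinite(exp)) return false;

  // 3. Enforce expiry. A correctly signed token whose exp has passed is still
  //    rejected; validation and expiry are one decision, not two.
  return exp > nowSeconds;
}
```

When the token travels in a cookie, set it HttpOnly, Secure and SameSite so the "Cookie security" item above is met, and add a key identifier to the payload before rotating the secret so "Token refresh" can span the rotation.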

Error Handling

  1. Error Types
     • Auth errors
     • Session errors
     • Permission errors
     • Token errors
     • Network errors

  2. Recovery
     • Session refresh
     • Token refresh
     • Error reporting
     • User feedback

Performance

  1. Optimizations
     • Cache strategy
     • Token caching
     • Session pooling
     • Request batching

  2. Best Practices
     • Session limits
     • Token expiry
     • Cache invalidation
     • Resource cleanup

Notes

  • Security best practices
  • Session management
  • Token handling
  • Error recovery
  • Performance tips