Currently the app performs authorisation checks directly within multiple page components and server functions, by verifying user access to specific pages based on their organisation.
There is a lot of repeated/redundant code, prompting increased maintenance, complexity, and potential inconsistencies.
Proposal: Centralise authorisation logic by creating an authorisationService and using Next.js middleware to handle these auth checks globally.
Tasks:
Create an authorizationService that checks if a user is authenticated; verifies if the authenticated user belongs to the correct organisation; handles errors or redirects if the user is unauthorised.
Extract existing authorisation logic from individual pages and server functions.
Stretch: Implement Next.js Middleware
Create middleware to intercept requests and perform authorization checks using the authorizationService; ensure the middleware is scoped appropriately to protect only the necessary routes and server actions.
Remove direct authorization checks from pages and server functions, replacing them with the new middleware.
Ensure any additional logic that needs to run after authorization checks is preserved.
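As an added illustration of the proposed shape (example code, not the project's own), below is a framework-agnostic authorizationService and the decision logic a Next.js middleware would run on every matched request. It assumes, since the issue does not say, that the session carries a `userId` and an `orgId`, that protected routes embed the organisation id as `/org/<orgId>/...`, and that the session cookie is resolved through an assumed `getSession` lookup; the in-memory session table is constructed here for the example. It returns a plain decision so the same function can be unit tested and reused from server actions, while the middleware only translates the decision into a redirect or a 403.

```typescript
// Assumed session shape (not from the issue): who the user is and which organisation they belong to.
interface Session {
  userId: string;
  orgId: string;
}

// The service returns a decision rather than touching NextResponse directly, so pages,
// server actions and middleware all share one set of rules.
type Decision =
  | { kind: "allow" }
  | { kind: "redirect"; to: string } // unauthenticated: send to login
  | { kind: "deny"; status: 403 };   // authenticated, but wrong organisation

// Constructed sample session store keyed by cookie value. A real app would verify a
// signed session token here instead of looking up a plain map.
const SESSIONS: Record<string, Session> = {
  "cookie-alice": { userId: "alice", orgId: "org-1" },
  "cookie-bob": { userId: "bob", orgId: "org-2" },
};

// Assumed lookup: resolves the session cookie to a session, or null when absent/invalid.
function getSession(cookie: string | undefined): Session | null {
  if (!cookie) return null;
  return SESSIONS[cookie] ?? null;
}

// Scoping: only organisation routes are protected. This mirrors what a Next.js
// `matcher` of "/org/:path*" would select, so static assets and public pages are skipped.
const PROTECTED_PREFIX = "/org/";

function isProtectedPath(pathname: string): boolean {
  return pathname.startsWith(PROTECTED_PREFIX);
}

// Extracts the organisation id the request is asking for, e.g. "/org/org-1/settings" -> "org-1".
function orgFromPath(pathname: string): string | null {
  const match = /^\/org\/([^/]+)/.exec(pathname);
  return match ? match[1] : null;
}

// The authorizationService: authenticated? belongs to the requested organisation?
// Order matters: an anonymous user is redirected to login, never told whether the org exists.
function authorize(pathname: string, session: Session | null): Decision {
  if (!isProtectedPath(pathname)) return { kind: "allow" };
  if (!session) {
    return { kind: "redirect", to: `/login?next=${encodeURIComponent(pathname)}` };
  }
  const requested = orgFromPath(pathname);
  if (requested === null || requested !== session.orgId) {
    return { kind: "deny", status: 403 };
  }
  return { kind: "allow" };
}

// Minimal request shape so the middleware logic runs without next/server.
// In a real middleware.ts you would read `req.nextUrl.pathname` and
// `req.cookies.get("session")?.value`, then map the decision to
// NextResponse.next(), NextResponse.redirect(...) or a 403 response.
interface MinimalRequest {
  pathname: string;
  sessionCookie?: string;
}

function middleware(req: MinimalRequest): Decision {
  return authorize(req.pathname, getSession(req.sessionCookie));
}

// Stand-alone demonstration of the three outcomes.
console.log(middleware({ pathname: "/org/org-1/settings", sessionCookie: "cookie-alice" }));
console.log(middleware({ pathname: "/org/org-1/settings", sessionCookie: "cookie-bob" }));
console.log(middleware({ pathname: "/org/org-1/settings" }));
```

Because `authorize` is pure, the "additional logic that needs to run after authorization" from the task list can simply follow an `allow` decision in the page or server action, and the middleware and pages cannot drift apart on what counts as authorised.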