Closed alexfinnarn closed 3 years ago
Based on looking at trends, https://www.npmtrends.com/next-auth-vs-@auth0/nextjs-auth0-vs-react-use-auth, the current authentication package I'm using is not trending as well as this: https://next-auth.js.org/getting-started/introduction
NextAuth includes things like database tables, and so this supersedes the scope of this issue. I'll have to add an issue about changing the underlying auth dependencies.
superseded by #18
User information needs to be stored somewhere and accessible to the whole application's components. React's Context feature can handle this need and is appropriate since user information won't change often. If the user object ends up needing to update more frequently, then Recoil is probably a better state management tool.
Required
What area of the codebase does this involve?
Everything underneath the _App.tsx Next.js entrypoint. API routes and the eventual server.js bootup file will not be impacted.
Relate To Security?
Choosing how to validate user actions will impact security. For starters, it might be good to revalidate access within all page components...so really within AdminLayout as it will be put on all admin pages.
While the user's credentials need to be checked if the session cookie isn't included in the initial request, checking on each request might slow down the UI rendering vs. assuming the user is who they were a minute ago and confirming after the page loads.
Acceptance Criteria
UserContext to _App.tsx and its children
useEffect() hook to AdminLayout that revalidates user access once the page loads and kicks the user out if improper access
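
The post-load revalidation described in the acceptance criteria, sketched as an added example that is not code from this repository. It is framework-independent so it runs without React; the session shape, the "admin" role, the "/login" route and the fetchSession/onDeny callbacks are assumptions made for illustration.

```javascript
// Added example, not code from this repository. Assumed session shape:
// { user: { roles: string[] }, expires: ISO-8601 string } or null.

// Pure decision: anything malformed, expired or lacking the role is denied.
function decideAccess(session, requiredRole, now = Date.now()) {
  if (!session || typeof session !== "object" || !session.user) return "denied";
  const expires = Date.parse(session.expires);
  if (Number.isNaN(expires) || expires <= now) return "denied";
  const roles = Array.isArray(session.user.roles) ? session.user.roles : [];
  return roles.includes(requiredRole) ? "allowed" : "denied";
}

// Post-load check. fetchSession and onDeny are hypothetical callbacks: the
// first asks the server for the current session, the second redirects away.
async function revalidateAccess({ fetchSession, requiredRole, onDeny, signal, timeoutMs = 5000 }) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("session check timed out")), timeoutMs);
  });
  let verdict;
  try {
    verdict = decideAccess(await Promise.race([fetchSession(), timeout]), requiredRole);
  } catch {
    verdict = "denied"; // network error or timeout: fail closed, never fail open
  } finally {
    clearTimeout(timer);
  }
  // The layout unmounted while the request was in flight: do not redirect.
  if (signal && signal.aborted) return "cancelled";
  if (verdict === "denied") onDeny();
  return verdict;
}

// Intended call site inside AdminLayout (shown as a comment, React not loaded):
//   useEffect(() => {
//     const ctl = new AbortController();
//     revalidateAccess({ fetchSession, requiredRole: "admin",
//                        onDeny: () => router.replace("/login"), signal: ctl.signal });
//     return () => ctl.abort();
//   }, []);
```

This check only decides what the UI keeps showing after an optimistic render; the API routes still have to authorize every request on the server.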