codersforcauses / coexist

https://coexist-events.vercel.app
MIT License

Protect frontend pages #78

Closed dct0 closed 1 month ago

dct0 commented 1 month ago

Basic Information

The only pages you should be able to access are the events list and single event page. Take a look at Next.js middleware: https://nextjs.org/docs/pages/building-your-application/routing/middleware. Here, we can read the cookies from the HTTP request to determine if the user is logged in or not. We can also make a request to the backend to get the desired permissions or verify the token (not really necessary because it'll create a lot of overhead).

Additionally, the add event button should not be shown for a normal user or unauthenticated user. You can use the existing useAuth hook for this.

Other Information

[Are there any additional information that we should know about?]
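The routing decision described in the issue above, as an added example that is not code from the coexist repository: a pure function a Next.js middleware could call to let the two public pages through and send everyone else without a session cookie to the login page. It checks cookie presence only, so it gates navigation and the backend still has to verify the token and authorize every request. The cookie name `access`, the paths `/events`, `/events/<numeric id>` and `/login`, and the helper names are assumptions for illustration.

```javascript
// Added example. Names and paths below are hypothetical, not from the repo.
const AUTH_COOKIE = "access"; // assumed session cookie name
const LOGIN_PATH = "/login";  // assumed login route
// Public: events list and single event page (numeric id assumed).
// Anything else under /events, e.g. a create page, stays protected.
const PUBLIC_ROUTES = [/^\/events\/?$/, /^\/events\/\d+\/?$/];

// Parse a raw Cookie header into a name -> value map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue; // skip empty or nameless fragments
    jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Decide what the middleware should do for one request.
function decide(pathname, cookieHeader) {
  const pass = { action: "next" };
  // Next.js internals and the login page itself must never be redirected,
  // otherwise assets break or the redirect loops.
  if (pathname.startsWith("/_next/") || pathname === LOGIN_PATH) return pass;
  if (PUBLIC_ROUTES.some((re) => re.test(pathname))) return pass;
  // Presence check only: an empty or missing cookie counts as logged out.
  // The token is NOT verified here; the backend must do that.
  const token = parseCookies(cookieHeader).get(AUTH_COOKIE);
  if (token) return pass;
  return { action: "redirect", location: LOGIN_PATH };
}

// Wiring inside middleware.ts (shown as a comment so this file runs alone):
//   import { NextResponse } from "next/server";
//   export function middleware(req) {
//     const d = decide(req.nextUrl.pathname, req.headers.get("cookie"));
//     return d.action === "redirect"
//       ? NextResponse.redirect(new URL(d.location, req.url))
//       : NextResponse.next();
//   }
```
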

github-actions[bot] commented 1 month ago

Branch issue-78-Protect_frontend_pages created!

SetroZ commented 1 month ago

Should I add isAdmin to the JWT token? And then block the create_event route based on isAdmin? What is the point of hiding add event