feature: implenment aunthentication function to protect Page components

[yyaskriloff]

Adding a protectPage function

Adding a function to wrap a Page component that will implement basic authentication on a component level instead of using a middleware or rewriting authentication logic in every component you want to protect.

The reason I think this is a valuable contribution is because a big part of component development is that you don't separate by concerns but rather by functionality. moving the authentication to a separate file (middleware.ts) I think kinda contradicts that. On the other hand, writing the authentication logic in every protected route can get really repetitive so being able to authenticate in the page file but also not rewrite code possibly tens of times in a project is a useful feature.

the way it would be used is

const Page = () => <h1> for users only </h1>

export default protectPage(Page)

This may also be a good option for protecting layouts so you can protect any nested routes under it.

I also added a way to check for roles and permissions that can be expanded on.

Checklist

• [x] I have read the “Pull requests” section in the contributing guidelines.
• [x] I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai[bot]]

Walkthrough

The recent update enhances security features in a Next.js application by introducing protection mechanisms for both page components and API route handlers. New functions, protectPage and protectApi, have been implemented to enforce authentication, roles, and permissions. These functions are now accessible throughout the application as they are exported in the server index file.

Changes

File	Change Summary
src/handlers/protect.js	Added protectPage and protectApi functions to manage authentication and authorization for pages and APIs.
src/server/index.js	Exported protectPage and protectApi from ../handlers/protect and adjusted the export formatting for handleAuth.

[!TIP]

New Features and Improvements

## Review Settings Introduced new personality profiles for code reviews. Users can now select between "Chill" and "Assertive" review tones to tailor feedback styles according to their preferences. The "Assertive" profile posts more comments and nitpicks the code more aggressively, while the "Chill" profile is more relaxed and posts fewer comments. ## AST-based Instructions CodeRabbit offers customizing reviews based on the Abstract Syntax Tree (AST) pattern matching. Read more about AST-based instructions in the [documentation](https://docs.coderabbit.ai/guides/review-instructions#ast-based). ## Community-driven AST-based Rules We are kicking off a community-driven initiative to create and share AST-based rules. Users can now contribute their AST-based rules to detect security vulnerabilities, code smells, and anti-patterns. Please see the [ast-grep-essentials](https://github.com/coderabbitai/ast-grep-essentials) repository for more information. ## New Static Analysis Tools We are continually expanding our support for static analysis tools. We have added support for `biome`, `hadolint`, and `ast-grep`. Update the settings in your `.coderabbit.yaml` file or head over to the settings page to enable or disable the tools you want to use. ## Tone Settings Users can now customize CodeRabbit to review code in the style of their favorite characters or personalities. Here are some of our favorite examples: - Mr. T: "You must talk like Mr. T in all your code reviews. I pity the fool who doesn't!" - Pirate: "Arr, matey! Ye must talk like a pirate in all yer code reviews. Yarrr!" - Snarky: "You must be snarky in all your code reviews. Snark, snark, snark!" ## Revamped Settings Page We have redesigned the settings page for a more intuitive layout, enabling users to find and adjust settings quickly. This change was long overdue; it not only improves the user experience but also allows our development team to add more settings in the future with ease. Going forward, the changes to `.coderabbit.yaml` will be reflected in the settings page, and vice versa. ## Miscellaneous - Turn off free summarization: You can switch off free summarization of PRs opened by users not on a paid plan using the `enable_free_tier` setting. - Knowledge-base scope: You can now set the scope of the knowledge base to either the repository (`local`) or the organization (`global`) level using the `knowledge_base` setting. In addition, you can specify Jira project keys and Linear team keys to limit the knowledge base scope for those integrations. - High-level summary placement: You can now customize the location of the high-level summary in the PR description using the `high_level_summary_placeholder` setting (default `@coderabbitai summary`). - Revamped request changes workflow: You can now configure CodeRabbit to auto-approve or request changes on PRs based on the review feedback using the `request_changes_workflow` setting.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

Tips

### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information. - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json` ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

[yyaskriloff]

@peterphanouvong I see in #152 you added getRoles after it's merged I can use that instead of getAccessToken when checking roles.

[DanielRivers]

Great contribution!

Someone from our team will check properly soon.

[DanielRivers]

Once the above comments have been addressed I will merge and release

[yyaskriloff]

I'm new to this can I merge upstream into this branch and use the new roles function?

[DanielRivers]

Hi @yyaskriloff ,

What was the reason for closing, it on my list to get this merged and released?

[yyaskriloff]

I pulled the code from a project I did while doing so I stupidly let co pilot fill in some code and it got it wrong that's why there were so many corrections. In addition I'm not to familiar with merging upstream and stuff like that and I wanted to use a newer version of package. The main reason though is while looking through reacts docs and the compiler it says adhering to the rules of react is very important. One of the rules is not to call a component directly as a function which is how this was implemented. Considering the fact that in next you can opt in to use the react compiler I thought it would be better to create a new pr with updated package and try to reimplement the higher order function to not call the component as a function.