Authorization
NextReady uses a JWT (fun fact, it's pronounced "jot") to authorize users. You can import auth() to wrap the protected API routes. Here's the example:
ReqWithUser is an extended type of NextRequest that includes the user data. You can use it to get the user's name, email, and other user data.
It supports getting the JWT token from the cookie or the Authorization header.
Role-Based Access Control (RBAC)
NextReady also supports role-based access control (RBAC). You can create a role and assign it to the user in the admin panel (/~admin). Each user can have 1 role and multiple permissions.
- withRoles: Checks if the user has one of the required roles. E.g. withRoles(['user', 'admin']) will check if the user has the 'user' OR the 'admin' role.
- withPermissions: Checks if the user has the required permissions. E.g. withPermissions(['user:read', 'user:write']) will check if the user has both the user:read AND user:write permissions.
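The OR semantics of withRoles and the AND semantics of withPermissions, written out as an added example that is not NextReady's own code. The User, Req, Res and Handler types, the curried wrapper shape, the 401/403 responses and the empty-list handling are assumptions; the request is taken to already carry the user that auth() resolved from a verified JWT.

```typescript
// Added example, not NextReady's implementation. Types, wrapper shape and
// status codes are assumptions made for illustration.
type User = { name: string; role: string; permissions: string[] };
type Req = { user?: User }; // user is set by auth() after JWT verification
type Res = { status: number; body: string };
type Handler = (req: Req) => Res;

// Shared guard: 401 when there is no authenticated user, 403 when the check fails.
function guard(check: (u: User) => boolean, handler: Handler): Handler {
  return (req) => {
    if (!req.user) return { status: 401, body: "unauthenticated" };
    if (!check(req.user)) return { status: 403, body: "forbidden" };
    return handler(req);
  };
}

// OR: the user's single role must be one of the listed roles.
// An empty list matches nothing, so a misconfigured route fails closed.
function withRoles(roles: string[]) {
  return (handler: Handler): Handler =>
    guard((u) => roles.includes(u.role), handler);
}

// AND: every listed permission must be present on the user.
// [].every(...) is true, so an empty list is rejected explicitly
// (a choice made in this example) to keep the route closed.
function withPermissions(required: string[]) {
  return (handler: Handler): Handler =>
    guard((u) => required.length > 0 &&
      required.every((p) => u.permissions.includes(p)), handler);
}

// Constructed sample users and routes.
const alice: User = { name: "alice", role: "admin", permissions: ["user:read", "user:write"] };
const bob: User = { name: "bob", role: "user", permissions: ["user:read"] };
const guest: User = { name: "guest", role: "guest", permissions: [] };

const hello: Handler = (req) => ({ status: 200, body: `hello ${req.user!.name}` });
const listUsers = withRoles(["user", "admin"])(hello);
const editUser = withRoles(["user", "admin"])(
  withPermissions(["user:read", "user:write"])(hello));

// Helper for inspecting the outcome of a route for a given (or missing) user.
function statusFor(route: Handler, user?: User): number {
  return route({ user }).status;
}
```

Here bob passes the role check on editUser but is rejected with 403 because he lacks user:write, which is the AND requirement in action.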