kinde-auth-nextjs icon indicating copy to clipboard operation
kinde-auth-nextjs copied to clipboard

Published 20 hours ago verified publisher icon kinde-oss

feature: implenment aunthentication function to protect Page components

Open yyaskriloff opened this issue 9 months ago • 5 comments

Adding a protectPage function

Adding a function to wrap a Page component that will implement basic authentication on a component level instead of using a middleware or rewriting authentication logic in every component you want to protect.

The reason I think this is a valuable contribution is because a big part of component development is that you don't separate by concerns but rather by functionality. moving the authentication to a separate file (middleware.ts) I think kinda contradicts that. On the other hand, writing the authentication logic in every protected route can get really repetitive so being able to authenticate in the page file but also not rewrite code possibly tens of times in a project is a useful feature.

the way it would be used is

const Page = () => <h1> for users only </h1>

export default protectPage(Page)

This may also be a good option for protecting layouts so you can protect any nested routes under it.

I also added a way to check for roles and permissions that can be expanded on.

Checklist

🛟 If you need help, consider asking for advice over in the Kinde community.

Summary by CodeRabbit

  • New Features
    • Introduced a new protection mechanism for page components, enhancing security by redirecting users based on authentication status and permissions.
    • Added the protectPage function to enforce protection logic.
    • Improved handling of authentication in the handleAuth export.

yyaskriloff avatar Apr 28 '24 13:04 yyaskriloff

Walkthrough

The recent update enhances security features in a Next.js application by introducing protection mechanisms for both page components and API route handlers. New functions, protectPage and protectApi, have been implemented to enforce authentication, roles, and permissions. These functions are now accessible throughout the application as they are exported in the server index file.

Changes

File Change Summary
src/handlers/protect.js Added protectPage and protectApi functions to manage authentication and authorization for pages and APIs.
src/server/index.js Exported protectPage and protectApi from ../handlers/protect and adjusted the export formatting for handleAuth.

[!TIP]

New Features and Improvements

Review Settings

Introduced new personality profiles for code reviews. Users can now select between "Chill" and "Assertive" review tones to tailor feedback styles according to their preferences. The "Assertive" profile posts more comments and nitpicks the code more aggressively, while the "Chill" profile is more relaxed and posts fewer comments.

AST-based Instructions

CodeRabbit offers customizing reviews based on the Abstract Syntax Tree (AST) pattern matching. Read more about AST-based instructions in the documentation.

Community-driven AST-based Rules

We are kicking off a community-driven initiative to create and share AST-based rules. Users can now contribute their AST-based rules to detect security vulnerabilities, code smells, and anti-patterns. Please see the ast-grep-essentials repository for more information.

New Static Analysis Tools

We are continually expanding our support for static analysis tools. We have added support for biome, hadolint, and ast-grep. Update the settings in your .coderabbit.yaml file or head over to the settings page to enable or disable the tools you want to use.

Tone Settings

Users can now customize CodeRabbit to review code in the style of their favorite characters or personalities. Here are some of our favorite examples:

  • Mr. T: "You must talk like Mr. T in all your code reviews. I pity the fool who doesn't!"
  • Pirate: "Arr, matey! Ye must talk like a pirate in all yer code reviews. Yarrr!"
  • Snarky: "You must be snarky in all your code reviews. Snark, snark, snark!"

Revamped Settings Page

We have redesigned the settings page for a more intuitive layout, enabling users to find and adjust settings quickly. This change was long overdue; it not only improves the user experience but also allows our development team to add more settings in the future with ease. Going forward, the changes to .coderabbit.yaml will be reflected in the settings page, and vice versa.

Miscellaneous

  • Turn off free summarization: You can switch off free summarization of PRs opened by users not on a paid plan using the enable_free_tier setting.
  • Knowledge-base scope: You can now set the scope of the knowledge base to either the repository (local) or the organization (global) level using the knowledge_base setting. In addition, you can specify Jira project keys and Linear team keys to limit the knowledge base scope for those integrations.
  • High-level summary placement: You can now customize the location of the high-level summary in the PR description using the high_level_summary_placeholder setting (default @coderabbitai summary).
  • Revamped request changes workflow: You can now configure CodeRabbit to auto-approve or request changes on PRs based on the review feedback using the request_changes_workflow setting.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot] avatar Apr 28 '24 13:04 coderabbitai[bot]

@peterphanouvong I see in #152 you added getRoles after it's merged I can use that instead of getAccessToken when checking roles.

yyaskriloff avatar Apr 28 '24 15:04 yyaskriloff

Great contribution!

Someone from our team will check properly soon.

DanielRivers avatar Apr 28 '24 17:04 DanielRivers

Once the above comments have been addressed I will merge and release

DanielRivers avatar May 10 '24 11:05 DanielRivers

I'm new to this can I merge upstream into this branch and use the new roles function?

yyaskriloff avatar May 10 '24 12:05 yyaskriloff

Hi @yyaskriloff ,

What was the reason for closing, it on my list to get this merged and released?

DanielRivers avatar May 24 '24 09:05 DanielRivers

I pulled the code from a project I did while doing so I stupidly let co pilot fill in some code and it got it wrong that's why there were so many corrections. In addition I'm not to familiar with merging upstream and stuff like that and I wanted to use a newer version of package. The main reason though is while looking through reacts docs and the compiler it says adhering to the rules of react is very important. One of the rules is not to call a component directly as a function which is how this was implemented. Considering the fact that in next you can opt in to use the react compiler I thought it would be better to create a new pr with updated package and try to reimplement the higher order function to not call the component as a function.

yyaskriloff avatar May 24 '24 09:05 yyaskriloff

@DanielRivers theres a lot of issues with this pr i would like to fix mainly kinde is not even defined (sorry). I'm not sure the effort involved maybe it's not worth it if this pr is not gonna be used but is there a guide on how to test any changes i tried figuring it out but didn't work. if not i'll make a pr to remove this code because non of it works.

yyaskriloff avatar Sep 23 '24 06:09 yyaskriloff

@yyaskriloff , feel free to raise a fix PR. I like the approach

DanielRivers avatar Sep 23 '24 21:09 DanielRivers