authentication


Authentication

Quick Start

When working with authentication:

  1. Use auth() from @/lib/auth to get the current session
  2. Verify roles before admin operations
  3. Use middleware for route protection
  4. Never store tokens in localStorage (use httpOnly cookies)
  5. Validate JWT tokens in API routes

Key Files

  • auth.ts – NextAuth.js configuration
  • src/lib/auth/ – Auth utilities
  • middleware.ts – Route protection
  • src/app/api/auth/ – Auth API routes

Common Patterns

Get Current Session

import { auth } from '@/lib/auth';

/**
 * Returns the caller's session user, or 401 when no session exists.
 *
 * `request` is part of the route-handler signature but is not read here.
 */
export async function GET(request: NextRequest) {
  const session = await auth();

  if (session) {
    return NextResponse.json({ user: session.user });
  }

  return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}

Check Admin Role

// Fragment: assumes it runs inside an async route handler (hence the top-level `await` and `return`).
const session = await auth();

// Optional chaining makes a missing session or missing user fall into this branch,
// so the check fails closed with 403 instead of throwing.
if (session?.user?.role !== 'admin') {
  return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
}

Protected API Route

import { auth } from '@/lib/auth';
import { NextRequest, NextResponse } from 'next/server';

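/**
 * Authenticated, admin-only POST handler template.
 *
 * Order of checks matters: authentication (401) before authorization (403),
 * and both before the request body is read, so callers without a valid
 * session never make the server parse their payload.
 *
 * @param request - Incoming request; its JSON body is parsed but not yet validated.
 * @returns 401 without a session, 403 for non-admins, 400 for a malformed JSON
 *   body, otherwise the response produced by the business logic.
 */
export async function POST(request: NextRequest) {
  // 1. Check authentication
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }

  // 2. Check authorization (if needed)
  if (session.user.role !== 'admin') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
  }

  // 3. Parse the body. `request.json()` throws on malformed JSON; without this
  // guard the route answers 500 instead of 400. The result stays `unknown`
  // until it has been validated against the expected schema.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
  }

  // 4. Process request
  // ... business logic (validate `body` before using it)
  // Placeholder response: a route handler must return a Response object.
  return NextResponse.json({ ok: true });
}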

Middleware Protection

// middleware.ts
import { auth } from '@/lib/auth';
import { NextRequest, NextResponse } from 'next/server';

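/**
 * Gate `/admin` routes behind an admin session; every other path passes through.
 *
 * Only the `/admin` segment itself and paths beneath it are protected — a plain
 * prefix test would also capture unrelated routes such as `/administration`.
 * Unauthenticated and non-admin callers are sent to `/login` with the requested
 * path as `callbackUrl` so they return here after signing in (the value is a
 * same-origin relative path, so it cannot redirect off-site).
 *
 * @param request - Incoming request; its `nextUrl` is inspected.
 * @returns A redirect to `/login`, or `NextResponse.next()`.
 */
export async function middleware(request: NextRequest) {
  const session = await auth();
  const { pathname, search } = request.nextUrl;

  // Protect admin routes (exact segment match, not a bare prefix)
  const isAdminRoute = pathname === '/admin' || pathname.startsWith('/admin/');
  if (isAdminRoute) {
    // Fail closed: no session, or any role other than admin, is rejected.
    if (!session || session.user.role !== 'admin') {
      const loginUrl = new URL('/login', request.url);
      loginUrl.searchParams.set('callbackUrl', pathname + search);
      return NextResponse.redirect(loginUrl);
    }
  }

  return NextResponse.next();
}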

Sign In/Out

import { signIn, signOut } from '@/lib/auth';

// Sign in: delegate to the Google provider, then land on the dashboard.
const signInOptions = { callbackUrl: '/dashboard' };
await signIn('google', signInOptions);

// Sign out: end the session and return to the landing page.
const signOutOptions = { callbackUrl: '/' };
await signOut(signOutOptions);

User Roles

  • admin – Full access
  • customer – Regular user
  • moderator – Limited admin access

Session Structure

/**
 * Compile-time shape of the session object (presumably what `auth()` resolves to).
 *
 * This is a type only: it does not enforce anything at runtime, so the role
 * still has to be checked on every privileged path.
 */
interface Session {
  /** Expiry timestamp, kept in string form. */
  expires: string;
  user: {
    /** One of the roles listed under "User Roles". */
    role: 'admin' | 'customer' | 'moderator';
    id: string;
    email: string;
    /** Optional profile fields. */
    name?: string;
    image?: string;
  };
}