feature: add same authentication function with api routes

kinde-oss · Apr 28, 2024 · 76d4e2c · 76d4e2c
1 parent cec3037
commit 76d4e2c
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 3 deletions.
diff --git a/src/handlers/protect.js b/src/handlers/protect.js
@@ -1,5 +1,6 @@
 export {default as getKindeServerSession} from '../session/index';
 import {redirect} from 'next/navigation';
+import {NextResponse} from 'next/server';
 
 /**
  * A higher-order function that wraps a page component and adds protection logic.
@@ -12,7 +13,7 @@ import {redirect} from 'next/navigation';
  * @returns {Function} - The protected page component.
  */
 
-const protectPage =
+export const protectPage =
   (page, config = {redirect: '/api/auth/login', statusCode: 302}) =>
   async (props) => {
     const {isAuthenticated, getAccessToken, getPermission, getPermissions} =
@@ -58,4 +59,58 @@ const protectPage =
     return page(props);
   };
 
-export default protectPage;
+/**
+ * Protects a Next.js API route handler with authentication and authorization.
+ * @param {Function} handler - The Next.js API route handler.
+ * @param {Object} config - The configuration object.
+ * @param {string[]} config.role - The required role(s) for accessing the protected page.
+ * @param {string|string[]} config.permissions - The required permission(s) for accessing the protected page.
+ * @returns {Function} - The protected API route handler.
+ */
+
+export const protectApi = (handler, config) => async (req) => {
+  const {isAuthenticated, getAccessToken, getPermission, getPermissions} =
+    kinde();
+  try {
+    const isSignedIn = await isAuthenticated();
+
+    if (!isSignedIn) {
+      return NextResponse.json({statusCode: 401, message: 'Unauthorized'});
+    }
+
+    if (config.role) {
+      const token = await getAccessToken();
+      const roles = token?.roles;
+      if (!roles || !config.role.some((role) => roles.includes(role))) {
+        return res.redirect({statusCode: 403, message: 'Forbidden'});
+      }
+    }
+
+    if (typeof config.permissions === 'string') {
+      const hasPermission = await getPermission(config.permissions);
+      if (!hasPermission) {
+        return NextResponse.json({statusCode: 403, message: 'Forbidden'});
+      }
+    }
+
+    if (Array.isArray(config.permissions)) {
+      const permissions = await getPermissions();
+      if (
+        !config.permissions.some((permission) =>
+          permissions.includes(permission)
+        )
+      ) {
+        return NextResponse.json({statusCode: 403, message: 'Forbidden'});
+      }
+    }
+  } catch (error) {
+    // return NextResponse.json({
+    //   statusCode: 500,
+    //   message: 'Internal Server Error'
+    // });
+    console.error('Error protecting page', error);
+    return null;
+  }
+
+  return handler(req);
+};
diff --git a/src/server/index.js b/src/server/index.js
@@ -8,4 +8,4 @@ export {
 } from '../components/index';
 export {createKindeManagementAPIClient} from '../api-client';
 export {default as handleAuth} from '../handlers/auth';
-export {default as protectPage} from '../handlers/protect';
+export {protectPage, protectApi} from '../handlers/protect';