Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Blitz Auth: Blitz CTX session not populated in api route called from Next.js middleware #4338

Open
ourmaninamsterdam opened this issue May 15, 2024 · 3 comments
Labels
kind/bug Something isn't working status/triage

Comments

@ourmaninamsterdam
Copy link

ourmaninamsterdam commented May 15, 2024

What is the problem?

I'm following these docs and I'm trying to add an API route that can access the user session data from Blitz CTX from an API route from Next.js middleware, but the session is not populated. The query getCurrentUser(), called from a component, returns the data as expected.

My intention is to create auth middleware to redirect a user if they don't have a valid userId and role. My preference was to handle this on the server rather than redirecting on the client using a hook or Page.authenticate.

Paste all your error logs here:

None

Paste all relevant code snippets here:

Middleware: /src/middleware.ts:

import { NextRequest, NextResponse } from "next/server"

export async function middleware(req: NextRequest, res: NextResponse) {
  const response = await fetch(new URL("/api/auth", req.nextUrl.origin), {})
  const data = await response.json()
  console.log("ctx.session", data)
  NextResponse.next()
}

API route from /src/pages/api/auth/index.ts:

import { api } from "src/blitz-server"

export default api(async (_req, res, ctx) => {
  const publicData = ctx.session.$publicData
  res.status(200).json({
    userId: ctx.session.userId,
    publicData: { ...publicData },
  })
})

What are detailed steps to reproduce this?

  1. Clone https://github.com/ourmaninamsterdam/blitzjs-auth-example/
  2. npm i
  3. npm run dev
  4. Go to http://localhost:3000
  5. Hit Sign Up and create an account
  6. Refresh page
  7. Check terminal

Given you're now signed in I would expect the session to be populated with the signed in session data, but it's outputting: ctx.session { userId: null, publicData: { userId: null } }

It's populating the userId on the client from queries without issue.

Run blitz -v and paste the output here:

Blitz version: 2.0.6 (local)
macOS Monterey | darwin-arm64 | Node: v18.12.1
 Package manager: npm

  System:
    OS: macOS 12.6
  Binaries:
    Node: 18.12.1 - ~/.asdf/installs/nodejs/18.12.1/bin/node
    Yarn: Not Found
    npm: 8.19.2 - ~/.asdf/plugins/nodejs/shims/npm
  npmPackages:
    @blitzjs/auth: 2.0.6 => 2.0.6
    @blitzjs/next: 2.0.6 => 2.0.6
    @blitzjs/rpc: 2.0.6 => 2.0.6
    @prisma/client: 4.6.1 => 4.6.1
    blitz: 2.0.6 => 2.0.6
    next: 13.5.4 => 13.5.4
    prisma: 4.6.1 => 4.6.1
    react: 18.2.0 => 18.2.0
    react-dom: 18.2.0 => 18.2.0
    typescript: ^4.8.4 => 4.9.5

Please include below any other applicable logs and screenshots that show your problem:

No response

@ourmaninamsterdam ourmaninamsterdam added kind/bug Something isn't working status/triage labels May 15, 2024
@ourmaninamsterdam ourmaninamsterdam changed the title Blitz CTX session not populated in api route called from Next.js middleware Blitz Auth: Blitz CTX session not populated in api route called from Next.js middleware May 15, 2024
@ourmaninamsterdam
Copy link
Author

ourmaninamsterdam commented May 22, 2024

I tried the same with an App router project as well and saw the same. Is my implementation/understanding of the api handler exported from blitz-server.ts wrong? Or is this a bug?

As all I want to do is check the auth status (against ctx.session.userId or ctx.session.$isAuthorized) in the API route and return that to the Next.js middleware, we can then chooser to redirect if they're unauthorized.

Calling the api route from a component returns the correct data, it's just from middleware there's an issue.

@siddhsuresh
Copy link
Member

siddhsuresh commented Jun 4, 2024

Work in #4341 will fix this

@ourmaninamsterdam
Copy link
Author

Work in #4341 will fix this

@siddhsuresh Been following your changes in #4341 - Will these changes apply to both pages and app router API routes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Something isn't working status/triage
Projects
None yet
Development

No branches or pull requests

2 participants