Comments (2)
Hey @ahaasler — yes, this is totally possible. But our local API does not accept `token` as an argument. Instead, it accepts a full `user`.
We would certainly accept a PR that exposes a new property to our local API called `userToken` or similar, that will accept a string JWT and attempt to verify / decode it for use as a user, but right now, we only accept a user.
To decode the token and pass it as a `user` to the `payload.find` local API method, you would do something like this:
```ts
import jwt from 'jsonwebtoken';
import { notFound } from "next/navigation";
import { getPayloadClient } from "@/content/payloadClient";
import { Post } from "@/content/types";
import RichText from "@/components/RichText";
import { cookies } from 'next/headers'

async function getPostBySlug(slug: string): Promise<Post> {
  const payload = await getPayloadClient();
  const cookieStore = cookies()
  // the cookie is absent for visitors who are not logged in
  const token = cookieStore.get('payload-token')?.value
  // new line to verify JWT using cookie value and payload secret
  const user = token ? jwt.verify(token, payload.secret) : undefined
  const posts = await payload.find({
    collection: "posts",
    overrideAccess: false,
    // just pass the user
    user,
    where: {
      slug: {
        equals: slug,
      },
    },
  });
  return posts.docs[0];
}
```
I haven't tested the above, but this should work just fine!
Give it a shot?
Hi @jmikrut, thanks for your help. It almost works out of the box.
When using roles, the user document in the token does not work for access control without including said roles.
If the role can be inferred from the email the solution is pretty easy:
```ts
if (user?.email === "[email protected]") {
  user.roles = ["admin"]
}
```
If that is not possible, a user search solves it:
```ts
const userWithRoles = await payload.findByID({
  collection: "users",
  id: user?.id
})
```
But the best solution is to modify the user collection so that the roles are stored on the token with `saveToJWT: true`:
```ts
import type { CollectionConfig } from 'payload/types'

export const Users: CollectionConfig = {
  slug: 'users',
  auth: true,
  admin: {
    ...
  },
  access: {
    ...
  },
  fields: [
    ...
    {
      name: 'roles',
      type: 'select',
      hasMany: true,
      saveToJWT: true,
      defaultValue: ['public'],
      required: true,
      access: {
        ...
      },
      options: ['admin', 'public'],
    },
  ],
}
```
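An added example (not code from this thread or from Payload) of the verify-then-authorize flow discussed above, showing why a token without a `roles` claim fails a role check and how missing, tampered or expired tokens are rejected. Node's built-in `crypto` stands in for `jwt.verify` on an HS256 token so it runs without dependencies; `TokenUser`, `signSample`, `userFromToken`, `isAdmin` and all sample values are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Claims this example expects in the token (an assumed shape, not Payload's own type).
type TokenUser = { id: string; email: string; roles?: string[]; exp?: number };

const b64url = (text: string): string => Buffer.from(text, "utf8").toString("base64url");

// Constructed helper: signs sample tokens so the example runs offline.
function signSample(claims: TokenUser, secret: string, alg = "HS256"): string {
  const body = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Returns verified claims, or null for a missing, malformed, forged or expired token.
function userFromToken(token: string | undefined, secret: string, nowMs = Date.now()): TokenUser | null {
  if (!token) return null; // no payload-token cookie: treat the request as anonymous
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header claims.
    if (JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg !== "HS256") return null;
    const expected = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const user = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as TokenUser;
    if (user === null || typeof user !== "object") return null;
    if (typeof user.exp === "number" && user.exp * 1000 <= nowMs) return null;
    return user;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Hypothetical role check, in the style of a collection access function.
const isAdmin = (user: TokenUser | null): boolean => user?.roles?.includes("admin") ?? false;

// Constructed sample data.
const SECRET = "constructed-secret";
const NOW_MS = 1_700_000_000_000;
const base = { id: "1", email: "editor@example.test", exp: 2_000_000_000 };
const withoutRoles = signSample(base, SECRET);
const withRoles = signSample({ ...base, roles: ["admin"] }, SECRET);
// Payload swapped in from another token; the signature no longer matches.
const tampered = [withoutRoles.split(".")[0], withRoles.split(".")[1], withoutRoles.split(".")[2]].join(".");

console.log(isAdmin(userFromToken(withoutRoles, SECRET, NOW_MS))); // false
console.log(isAdmin(userFromToken(withRoles, SECRET, NOW_MS))); // true
console.log(userFromToken(tampered, SECRET, NOW_MS)); // null
```

Roles carried in the token are a snapshot taken when it was issued, so a role change in the database only reaches this check once a new token is issued; the `findByID` lookup shown earlier reads the current value instead.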