Назад към всички

auth-handler

// Manage authentication, authorization, and user sessions. Use when dealing with login, sign-up, API protection, middleware, or user data fetching.

$ git log --oneline --stat
stars:194
forks:37
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
nameauth-handler
descriptionManage authentication, authorization, and user sessions. Use when dealing with login, sign-up, API protection, middleware, or user data fetching.
toolsRead, Write, Edit
modelinherit

Auth Handler

Instructions

1. API Route Protection

  • Standard Routes: Use withAuthRequired. 
    export default withAuthRequired(async (req, { session, getUser }) => { ... })
  • Super Admin Routes: Use withSuperAdminAuthRequired.
  • Cron Jobs: Use cronAuthRequired.
  • Defense in Depth: Do NOT rely solely on middleware. Always implement individual route protection.

2. Frontend Data Access

  • Client Components: Use useUser() hook (SWR).
  • Restriction: NEVER use useSession from next-auth/react.

3. Server-Side Data Access

  • Check Auth: Import auth from @/auth.
  • Get Plan: Use getUserPlan(session.user.id). session.user is minimal.

Reference

For architecture details, key files, and debugging tips, see reference.md.