feat(nextjs,shared,backend,clerk-react): Introduce Protect for authorization#2170
Conversation
🦋 Changeset detectedLatest commit: 79fff5a The changes in this PR will be included in the next version bump. This PR includes changesets to release 11 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
049f69e to
6c59374
Compare
91c3ba3 to
9dfe2b3
Compare
|
!snapshot |
This comment was marked as outdated.
This comment was marked as outdated.
91bf440 to
bda5428
Compare
|
!snapshot |
|
Hey @panteliselef - the snapshot version command generated the following package versions:
Tip: Use the snippet copy button below to quickly install the required packages. npm i @clerk/backend@1.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/chrome-extension@1.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/clerk-js@5.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/clerk-expo@1.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/fastify@1.0.1-snapshot.vbda5428 --save-exact
npm i gatsby-plugin-clerk@5.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/localizations@2.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/nextjs@5.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/clerk-react@5.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/remix@4.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/clerk-sdk-node@5.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/shared@2.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/themes@2.0.1-snapshot.vbda5428 --save-exact
npm i @clerk/types@4.0.1-snapshot.vbda5428 --save-exact |
be85aef to
636a20a
Compare
| noAuthStatusMessage: authAuthHeaderMissing(), | ||
| })(buildRequestLike()); | ||
|
|
||
| (authObject as AuthSignedIn).protect = params => { |
There was a problem hiding this comment.
We talked about supporting redirectUrl as an optional parameter when doing authz checks, but I can't remember if we decided to omit that for the initial implementation 🤔
auth().protect({ role: 'admin' }, { redirectUrl: '/home' })There was a problem hiding this comment.
I think we are skipping this. Especially with something like notAuthorized we wouldn't need to support redirectUrl
LekoArts
left a comment
There was a problem hiding this comment.
Public API-wise I'd like to talk about this before we merge it (hence the request changes to block it):
<Protect condition={has => has({"org:appointment:accept"}) || has({"org:appointment:decline"}) }>This feels inconsistent. It would need to be either of those two things:
- Like the
<Protect permission="foobar">prop so without the{} - Like the rest of the
hasfunctions so{ permission: "foobar" }
I'd prefer 2) as then has would be consistent everywhere
PR description was incorrect, implementation is like 2)
d4a99be to
e07c709
Compare
…rue and no user or org
…hen user is signed out" This reverts commit cf736cc
24efeec to
79fff5a
Compare
|
|
!snapshot |
|
Hey @panteliselef - the snapshot version command generated the following package versions:
Tip: Use the snippet copy button below to quickly install the required packages. npm i @clerk/backend@1.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/chrome-extension@1.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/clerk-js@5.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/clerk-expo@1.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/fastify@1.0.1-snapshot.v79fff5a --save-exact
npm i gatsby-plugin-clerk@5.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/localizations@2.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/nextjs@5.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/clerk-react@5.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/remix@4.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/clerk-sdk-node@5.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/shared@2.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/themes@2.0.1-snapshot.v79fff5a --save-exact
npm i @clerk/types@4.0.1-snapshot.v79fff5a --save-exact |
…ization (#2170) (#2309) * feat(nextjs,shared,backend,clerk-react): Introduce Protect for authorization (#2170) * fix(types): Avoid using `ts-expect-error` as it may fail for hosting apps * fix(types,nextjs): Improve complex type * fix(types): Typescript v5 cannot infer types correctly * fix(types): Update MembershipRole and OrganizationPermissionKey to not resolve to `any`
…ization (#2170) * feat(nextjs,shared,backend,clerk-react): Support permissions in Gate * chore(types,backend,clerk-react): Create type for OrganizationCustomPermissions * chore(types,backend,clerk-react): Create type for custom roles * chore(types,backend,clerk-react): Add changeset * chore(types,backend,clerk-react): Add comments * chore(types,nextjs): Remove custom types * fix(clerk-react): Missing `some` support for has in useAuth * chore(types,clerk-react): Use OrganizationCustomPermission for permissions in ssr * chore(nextjs): Drop redirect from RSC `<Gate/>` * feat(types,nextjs,clerk-react,backend): Rename Gate to Protect - Drop `some` from the `has` utility and Protect. Protect now accepts a `condition` prop where a function is expected with the `has` being exposed as the param. - Protect can now be used without required props. In this chae behaves as `<SignedIn>` if no authorization props are passed. - `has` will throw an error if neither `permission` or `role` is passed. * feat(nextjs): Introduce `auth().protect()` for App Router Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated. When `auth().protect()` is called - inside a page or layout file it will render the nearest `not-found` component set by the developer - inside a route handler it will return empty response body with a 404 status code * chore(types): Add `Key` prefix to OrganizationCustomPermission * chore(nextjs): Remove duplicate types * chore(nextjs): Minor improvements in readability * chore(nextjs): Mark protect utility as experimental for Nextjs * chore(nextjs): Minor improvements * fix(nextjs,clerk-react,backend): Utility `has` is undefined when user is signed out * fix(clerk-react): Utility `has` returns false when user isLoaded is true and no user or org * chore(clerk-react,nextjs): Improve comments * fix(clerk-react): Eliminate flickering of fallback for CSR applications * feat(types): Allow overriding of types for custom roles and permissions * chore(repo): Update changeset file * fix(types): `MembershipRole` will include custom roles if applicable * chore(nextjs): Improve readability of conditionals * Revert "fix(nextjs,clerk-react,backend): Utility `has` is undefined when user is signed out" This reverts commit cf736cc * fix(clerk-js,types): Remove `experimental` from checkAuthorization
Description
This PR builds upon the
Experimental__Gateandexperimental__hasthere introduced recently.experimentaltags and prefixessomefrom thehasutility and Protect. Protect now accepts aconditionprop where a function is expected with thehasbeing exposed as the param.<SignedIn>, if no authorization props are passed.haswill throw an error if neitherpermissionorroleis passed.auth().protect()
Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
When
auth().protect()is callednot-foundcomponent set by the developerExamples
RSC in Nextjs
Client component
hasfrom the Auth objectprotectfromauth()only for App RouterType-safety for custom roles and permissions
Create a
clerk.d.tsfile and replaceClerkAuthorizationwith your own typesIf the file is a module, you can do this
Checklist
npm testruns as expected.npm run buildruns as expected.Type of change
Packages affected
@clerk/backend@clerk/chrome-extension@clerk/clerk-js@clerk/clerk-expo@clerk/fastifygatsby-plugin-clerk@clerk/localizations@clerk/nextjs@clerk/clerk-react@clerk/remix@clerk/clerk-sdk-node@clerk/shared@clerk/themes@clerk/typesbuild/tooling/chore