Mugetsu
Mugetsu2y ago

NextJs middleware broken by tRPC

Hi, I have a NextJs middleware that is redirecting to the login page. Basically an Auth guard over my all pages and apis but I have a problem with tRPC api routes. Whenever NextJs middleware pickup /api/trpc call and there is no session it tries to redirect to the login page breaking the redirect and trpc itself. Is there a way to get this working so redirect would actually work as expected?
13 Replies
Alex / KATT 🐱
You might need a custom link at the end to deal with it Unsure what you expect the trpc api request to do here though
Mugetsu
Mugetsu2y ago
yeah I was looking at links but cant actually get to understand them
Alex / KATT 🐱
I think you should exclude the trpc api requests in your middleware
Mugetsu
Mugetsu2y ago
But then i need to handle unathorized on the client side like in queryclientconfig. I was expecting I would be able to handle this with nextjsmiddleware which would be much simpler having guard in one place
Alex / KATT 🐱
You're on your own here, I'm afraid. Nextjs middlewares have a lot unexpected behaviours when it overrides the api calls like this - I don't use them myself and don't have the capacity to solve your problems with them
Mugetsu
Mugetsu2y ago
I see. Yeah I've been searching for a few days already. I guess I will go with client handle for trpc then. Thanks for quick response tho @alex / KATT . Loving tRPC keep up the good work ❤️
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
Mugetsu
Mugetsu2y ago
@Bennett My usecase is simple. I dont need to expose my api to external clients so its pure backend for fronted api and everything of the app must be gated behind OneLogin oauth. So Ideally with use of the nextJs middleware I suppose to be able to authorise my app within single place for all my page routes and api routes. With middleware I should be able to achieve checking/validating the authorisation before request even hits my api endpoints. So there would be no extra trip to server for it to checking auth in trpc context and returning auth status to the client and then action on it. With middleware I can remove that extra layer and handle auth before request even tries reaching that particular api route if my understanding is correct. But what I found is that trpc swallows the redirects due to nature of fetch not being able to redirect document. Here are my findings https://github.com/trpc/trpc/issues/3081
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
Mugetsu
Mugetsu2y ago
@Bennett How the response json should look like then for it to work?? I believe this wont fix the problem as trpc httplinks are swallowing the response if I respond with 401 anyway.
return NextResponse.json(
{
result: { data: 1 },
},
{ status: 401 }
);
return NextResponse.json(
{
result: { data: 1 },
},
{ status: 401 }
);
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
Mugetsu
Mugetsu2y ago
Yeah I would like to have some response to the issue but I believe @alex / KATT is currently busy with doing stable release of v10 👀 For now I exclude trpc api from middleware and handle it globally with reactquery onerror but I believe if Im not mistaken that this will be anyway an issue once NextAuth will figure out middleware database sessions instead of jwt. I havent checked if this is also an issue with current nextauth middleware if I find time I will check
Alex / KATT 🐱
Haha, I'm busy with day to day work, trpc is mainly evenings, weekends, and got half a day a week to work at it during work hours 😅