Authentification

We provide a built-in authentication service, to restrict access to your routes. The following code will reject all requests that don't have the Authorization header:

export default ApiWrapper({
  prismaInstance: new PrismaClient(),
  authentication: {
    callback: (req) => {
      // Here you can check for the validity of a JWT token,
      // retrieve/verify credentials, etc...
      return typeof req.headers["authorization"] !== undefined
    },
  },
})

If you want your user to be authenticated, your callback must return true. Otherwise a 403 response will be sent back.

Note: The parameter req is of type NextApiRequest

Specific methods

If you only want your POST requests to be authenticated against, you just need to provide an extra property to your configuration:

export default ApiWrapper({
  prismaInstance: new PrismaClient(),
  authentication: {
    methods: ["POST"],
  },
})

The default value is: ["POST", "PATCH", "DELETE"]

URL matcher

Want to authenticate your users only if the route matches a certain pattern? Try this:

export default ApiWrapper({
  prismaInstance: new PrismaClient(),
  authentication: {
    matcher: /.*user$/gm,
  },
})

The above example matches all routes that ends with the string user

Ignored routes

If you need to exclude routes from your authentication callback, you can add this option:

export default ApiWrapper({
  prismaInstance: new PrismaClient(),
  authentication: {
    ignoredRoutes: ["/api/user/abc"],
  },
})

This option will exclude the route /api/user/abc from the authentication process

Options Global Fetching