Is there a simple way to issue JWT tokens when writing API interfaces for NextJS? And is it more convenient to verify JWT tokens and roles?

[bbhxwl]

Summary

Is there a simple way to issue JWT tokens when writing API interfaces for NextJS? And is it more convenient to verify JWT tokens and roles?

Additional information

No response

Example

No response

[ayushman1413]

Install Dependencies: npm install jsonwebtoken bcryptjs
pages/api/auth.ts
code start 👎

import type { NextApiRequest, NextApiResponse } from "next";
import jwt from "jsonwebtoken";
import bcrypt from "bcryptjs";

const SECRET_KEY = process.env.JWT_SECRET_KEY || "your-secret-key";
const mockUser = { id: 1, email: "[email protected]", password: bcrypt.hashSync("password123", 10), role: "admin" };

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const { method, headers, body } = req;
if (method === "POST") {
const { email, password } = body;
if (email !== mockUser.email || !bcrypt.compareSync(password, mockUser.password)) return res.status(401).json({ message: "Invalid credentials" });
const token = jwt.sign({ id: mockUser.id, email, role: mockUser.role }, SECRET_KEY, { expiresIn: "1h" });
return res.status(200).json({ token });
}
if (method === "GET") {
const token = headers.authorization?.split(" ")[1];
if (!token) return res.status(401).json({ message: "Unauthorized" });
try {
const decoded = jwt.verify(token, SECRET_KEY);
if (decoded.role !== "admin") return res.status(403).json({ message: "Forbidden: Admins only" });
return res.status(200).json({ message: "Welcome, Admin!", user: decoded });
} catch {
return res.status(401).json({ message: "Invalid token" });
}
}
res.setHeader("Allow", ["POST", "GET"]);
res.status(405).end(Method ${method} Not Allowed);
}

[bbhxwl]

Install Dependencies: npm install jsonwebtoken bcryptjs pages/api/auth.ts code start 👎

import type { NextApiRequest, NextApiResponse } from "next"; import jwt from "jsonwebtoken"; import bcrypt from "bcryptjs";

const SECRET_KEY = process.env.JWT_SECRET_KEY || "your-secret-key"; const mockUser = { id: 1, email: "[email protected]", password: bcrypt.hashSync("password123", 10), role: "admin" };

export default async function handler(req: NextApiRequest, res: NextApiResponse) { const { method, headers, body } = req; if (method === "POST") { const { email, password } = body; if (email !== mockUser.email || !bcrypt.compareSync(password, mockUser.password)) return res.status(401).json({ message: "Invalid credentials" }); const token = jwt.sign({ id: mockUser.id, email, role: mockUser.role }, SECRET_KEY, { expiresIn: "1h" }); return res.status(200).json({ token }); } if (method === "GET") { const token = headers.authorization?.split(" ")[1]; if (!token) return res.status(401).json({ message: "Unauthorized" }); try { const decoded = jwt.verify(token, SECRET_KEY); if (decoded.role !== "admin") return res.status(403).json({ message: "Forbidden: Admins only" }); return res.status(200).json({ message: "Welcome, Admin!", user: decoded }); } catch { return res.status(401).json({ message: "Invalid token" }); } } res.setHeader("Allow", ["POST", "GET"]); res.status(405).end(Method ${method} Not Allowed); }

What I most want to know is how to limit the role of API methods when writing them? Can methods be annotated like Python or C #? For example, the following code can easily limit the role of each method
What I most want to know is how to limit the role of API methods when writing them? Can methods be annotated like Python or C #? For example, the following code can easily limit the role of each method. If you want to determine the role, do you need to write parsing and judgment for each method?