Somewhat general question about convex
Somewhat general question about convex+nextjs: I'd like to do the following:
- all users have to be authenticated to view the site
- Only users from the allow-list table can view all pages
- There is one page that could be viewed even by people who are not in the allow-list.
What's the best way to achieve this?
4 Replies
Check out this guide on apps with logged out mode. https://docs.convex.dev/using/auth#app-with-a-logged-out-mode
On the backend, you can have your convex functions fail if the auth isn't in a whitelist.
Authentication | Convex Developer Hub
Add authentication to your Convex app.
I suppose for your requirements - instead of a logged out mode, you can have a query that checks if you're on the allow-list, and conditionally render depending on the value of that query.
But the guide is still helpful I think.
For security purposes, it may be helpful to factor your "allowlist" logic into a helper that you call from the top of all of your queries.
There's a good article about this kind of "middleware" on stack https://stack.convex.dev/wrappers-as-middleware-authentication
Authentication: Wrappers as “Middleware”
Using wrapper functions like withUser can help you organize your code into middleware-like blocks that you can compose to keep your function logic con...
Thank you, will take a look!