Server-side authentication with Next.js

3

Initialize SDK

Before you can use Appwrite, you need to create the Appwrite Client and set the project ID and endpoint. The client is then used to create services like Databases and Account, so they all point to the same Appwrite project.

Create a function to build services you need in a file like src/lib/server/appwrite.js and exporting the instances.

JavaScript
// src/lib/server/appwrite.js
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";

export async function createSessionClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT);

  const session = await cookies().get("my-custom-session");
  if (!session || !session.value) {
    throw new Error("No session");
  }

  client.setSession(session.value);

  return {
    get account() {
      return new Account(client);
    },
  };
}

export async function createAdminClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT)
    .setKey(process.env.NEXT_APPWRITE_KEY);

  return {
    get account() {
      return new Account(client);
    },
  };
}

As part of the function, set the current user's session if they are logged in. This is done by accessing the session cookie from the request and calling the setSession(session) with the cookie value.

Appwrite client security

Notice that createAdminClient and createSessionClient returns a new instance of the Appwrite Client. When using Appwrite in server-integrations, it's important to never share a Client instance between two requests. Doing so could create security vulnerabilities.

Environment variables

NEXT_APPWRITE_KEY, NEXT_PUBLIC_APPWRITE_ENDPOINT and NEXT_PUBLIC_APPWRITE_PROJECT are environment variables that are exported in your project's .env file.

For example, your .env might look something similar to this.

NEXT_APPWRITE_KEY=<YOUR_API_KEY>
NEXT_PUBLIC_APPWRITE_ENDPOINT=https://cloud.appwrite.io/v1
NEXT_PUBLIC_APPWRITE_PROJECT=<PROJECT_ID>

The NEXT_PUBLIC_APPWRITE_ENDPOINT is the endpoint of your appwrite instance , and the NEXT_PUBLIC_APPWRITE_PROJECT is the ID of the project you want to use. You can get the values for these variables from the Appwrite console.

Create project screen

Create project screen

The NEXT_APPWRITE_KEY is an Appwrite API key with the necessary permissions to create new sessions.

For this tutorial you'll need an API key with the following scopes:

CategoryRequired scopesPurpose
Sessionssessions.writeAllows API key to create, update, and delete sessions.

Server integrations

Server integrations