Zynth
In the tutorial we have:
TypeScript
// src/lib/server/appwrite.js
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";
export async function createSessionClient() {
const client = new Client()
.setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
.setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT);
const session = cookies().get("my-custom-session");
if (!session || !session.value) {
throw new Error("No session");
}
client.setSession(session.value);
return {
get account() {
return new Account(client);
},
};
}
export async function createAdminClient() {
const client = new Client()
.setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
.setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT)
.setKey(process.env.NEXT_APPWRITE_KEY);
return {
get account() {
return new Account(client);
},
};
}
This essentially makes the createAdminClient (and all other exported functions) into an endpoint anyone could use. Is this on purpose?
Source: https://appwrite.io/docs/tutorials/nextjs-ssr-auth/step-3
TL;DR
Security concern raised about the Next.js Auth tutorial code. By making `createAdminClient` and other functions public, it becomes accessible to anyone, potentially compromising security. Developers should update the code to restrict access to these functions or take necessary precautions. Be cautious of exposing sensitive information. Recommended threads
- how to store array of objects as an attr...
department: [ { branch: "branchName", speciality: ["specialityName", "specialityName2"], }, ], storing this as an attribute
- Limit exceeded
status of 429 {"message":"The current user session could not be found.","code":404,"type":"user_session_not_found","version":"1.6.0"}
- Invalid UserId in react
I have created a blog website in REACT. When I try to post, sometimes an error is shown.