Zynth
In the tutorial we have:
```typescript
// src/lib/server/appwrite.js
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";

export async function createSessionClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT);

  const session = cookies().get("my-custom-session");
  if (!session || !session.value) {
    throw new Error("No session");
  }

  client.setSession(session.value);
  return {
    get account() {
      return new Account(client);
    },
  };
}

export async function createAdminClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT)
    .setKey(process.env.NEXT_APPWRITE_KEY);

  return {
    get account() {
      return new Account(client);
    },
  };
}
```
This essentially makes the createAdminClient (and all other exported functions) into an endpoint anyone could use. Is this on purpose?
Source: https://appwrite.io/docs/tutorials/nextjs-ssr-auth/step-3
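The concern in the post is that a file-level `"use server"` directive turns every export of the module into a Server Action, an HTTP endpoint any client can call, including `createAdminClient`, which holds the API key. The following is an added example, not code from the Appwrite tutorial or from the poster: a small audit script that scans a source file for that directive, lists the exports it exposes, and flags those that build a client with `.setKey(`. The tutorial module is embedded as a constructed string, and a second constructed variant swaps the directive for `import "server-only"` (the real Next.js package that only blocks client-side import and does not create endpoints) to show that the audit then reports nothing. The parser is a deliberately simple brace-matcher and assumes braces do not appear inside string literals or comments.

```javascript
// Added example (not the Appwrite tutorial's or the poster's code).
// Audits a JS/TS module for a file-level "use server" directive, which makes
// every exported function a client-callable Server Action, and reports which
// of those exports configure a client with an API key via .setKey(...).

// Constructed sample 1: the tutorial module as quoted in the post.
const SAMPLE_FILE = `// src/lib/server/appwrite.js
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";
export async function createSessionClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT);
  const session = cookies().get("my-custom-session");
  if (!session || !session.value) {
    throw new Error("No session");
  }
  client.setSession(session.value);
  return { get account() { return new Account(client); } };
}
export async function createAdminClient() {
  const client = new Client()
    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT)
    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT)
    .setKey(process.env.NEXT_APPWRITE_KEY);
  return { get account() { return new Account(client); } };
}
`;

// Constructed sample 2 (an assumed hardening, not the tutorial's text): the same
// helpers guarded by "server-only" instead of "use server". They remain
// importable from server components and actions but are no longer endpoints.
const HARDENED_FILE = SAMPLE_FILE.replace('"use server";', 'import "server-only";');

// True when the module's first statement is a "use server" directive.
// Leading line and block comments are skipped; per-function directives
// (a "use server" inside a function body) are out of scope here.
function hasFileLevelUseServer(src) {
  const stripped = src.replace(/^(?:\s*(?:\/\/[^\n]*\n|\/\*[\s\S]*?\*\/))*\s*/, "");
  return /^(["'])use server\1\s*;?/.test(stripped);
}

// Collects `export [async] function NAME(...) { ... }` declarations with
// their brace-matched bodies. Simplifying assumption: no braces inside
// string literals or comments within the function.
function exportedFunctions(src) {
  const results = [];
  const re = /export\s+(?:async\s+)?function\s+([A-Za-z_$][\w$]*)\s*\(/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    // Skip the parameter list by matching parentheses.
    let i = re.lastIndex - 1; // index of "("
    let depth = 0;
    for (; i < src.length; i++) {
      if (src[i] === "(") depth++;
      else if (src[i] === ")" && --depth === 0) break;
    }
    // Then brace-match the body.
    const open = src.indexOf("{", i);
    if (open === -1) break;
    depth = 0;
    let j = open;
    for (; j < src.length; j++) {
      if (src[j] === "{") depth++;
      else if (src[j] === "}" && --depth === 0) break;
    }
    results.push({ name: m[1], body: src.slice(open, j + 1) });
    re.lastIndex = j; // continue scanning after this function
  }
  return results;
}

// Returns the exports exposed as Server Actions and the subset that
// configure an API key; both lists are empty when no file-level directive.
function audit(src) {
  if (!hasFileLevelUseServer(src)) return { exposed: [], privileged: [] };
  const fns = exportedFunctions(src);
  return {
    exposed: fns.map((f) => f.name),
    privileged: fns.filter((f) => /\.setKey\s*\(/.test(f.body)).map((f) => f.name),
  };
}

// Usage: the tutorial module exposes both helpers, and createAdminClient
// carries the key; the "server-only" variant exposes nothing.
console.log("tutorial:", JSON.stringify(audit(SAMPLE_FILE)));
console.log("hardened:", JSON.stringify(audit(HARDENED_FILE)));
```

The mitigation the audit checks for is the structural one: keep privileged helpers in a `server-only` module and put `"use server"` only on a separate actions file whose exports are narrowly scoped operations (sign up, sign in) that call the admin client internally, so the client never obtains a key-bearing client object.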
TL;DR
Security concern raised about the Next.js Auth tutorial code. By making `createAdminClient` and other functions public, it becomes accessible to anyone, potentially compromising security. Developers should update the code to restrict access to these functions or take necessary precautions. Be cautious of exposing sensitive information.