Monday, April 28 2025 \u2013 Last week, I continued working on restricting unauthorized users from directly accessing UI pages, such as when they try to search for a page URL manually. To guide me, I referred to a blog titled “Authorization in Next.js” by Robin Wieruch, published on March 25, 2025. The blog explored several methods for implementing authorization, and I decided to focus on securing routing.<\/p>\n\n\n\n
One key takeaway from the blog was the importance of a defense mechanism in place for routing. Without it, unauthorized users might still manage to navigate to the page (which is a security risk). However, if the necessary authorization checks are implemented within the API, Service, and Data Access Layers, unauthorized users won’t be able to read or modify any data. Still, adding this layer of protection not only enhances security but also improves the user experience, which is why it’s highly recommended.<\/p>\n\n\n\n
To implement this in my project, I placed all related files into an “authorized” folder and created a layout file that included the necessary security check. The layout file essentially checks whether the user has access; if they don\u2019t, they\u2019re automatically redirected to the login page.<\/p>\n\n\n\n
Once that was in place, I focused on implementing role-based authorization, with admin users. I customized the navigation bar to ensure that features specific to certain roles only appear for users with the correct role. To do this, I added a “role” property to the page configuration so that only users with the “Admin” role could see certain features in the navbar.<\/p>\n\n\n\n
Finally, I worked on page-level authorization for each individual page. For each one, I added a check to determine the user’s role. If the user is an admin, they can access the page\u2019s data; otherwise, they will be shown an “Unauthorized” page. This added layer of security ensures that only authorized users can access specific content.<\/p>\n","protected":false},"excerpt":{"rendered":"
Monday, April 28 2025 \u2013 Last week, I continued working on restricting unauthorized users from directly accessing UI pages, such as when they try to search for a page URL manually. To guide me, I referred to a blog titled “Authorization in Next.js” by Robin Wieruch, published on March 25, 2025. The blog explored several … <\/p>\n