Authentication
The PTSQ library itself does not provide authentication, this must be done externally either by a library supporting authentication or by its own implementation. Because PTSQ allows sending and receiving cookies and HTTP headers in server requests and responses, the user login process can be easily implemented. Typically, authentication is performed using JWT (opens in a new tab) tokens that are stored on the client, either in cookies or, for example, in local storage. This can be done by sending a JWT token in the Authorization header with each request, or automatically by setting cookies.
Libraries like Next-auth (opens in a new tab) or PassportJS (opens in a new tab) can be used to create easy authentication. Inside the function that creates the context of the PTSQ request, the JWT token that came with the HTTP request can then be decoded to add the user data to the context, thereby publicizing this information to all the endpoints and middleware that can further operate on the data.
export const createContext = async (options: {
req: NextApiRequest;
res: NextApiResponse;
}) => {
const session = await getServerSession(
options.req,
options.res,
nextAuthOptions,
);
return {
...options,
session,
};
};