undefined | Better HN

0 pointswhoknowsidont1y ago0 comments

You don't do it everywhere. You do it in the source system. The Next.JS application should just be doing "sanity" checks and passing along identity information at most. That belongs in the middleware layer, but it's not authoritative.

If bypassing a middleware layer is the one "trust me bro" check you have in your web app, then lol.

That's actually really hilarious and you should tell me what company/website that's for so I can submit some bug bounties.

0 comments

arandomusername1y ago

Isn't next.js the "source system" (or whatever that means) in most cases, since most apps are just next.js + database? I don't use next.js but my understanding is it does both backend and frontend.

You will never bypass middleware on my services because they actually always run. If you can't rely on your middleware then you are using the wrong tech.

I haven't heard any good reason as to why not have auth in your middleware lawyer. Just attempt to shrug it away as a "trust me bro" check. Are if statements trust me bro too? Only thing you shouldn't be doing is using garbage software like next js

From next.js homepage > Middleware > Take control of the incoming request. Use code to define routing and access rules for authentication, experimentation, and internationalization.

whoknowsidontOP1y ago

>Isn't next.js the "source system"

Absolutely not. You are pulling from something else. If you need authorization to view a page that means it's more than likely not going to be SSG or ISR, so both the Next.JS application and the source system should be doing authorization checks.

>If you can't rely on your middleware then you are using the wrong tech.

"If you can't rely on server less functions to run"

I mean, I can't help you there if that's your expectation that serverless functions will always run correctly.

>Just attempt to shrug it away as a "trust me bro" check.

If you lose identity and your system just chugs along anyway then there isn't a tech stack in the world that can help you.

>I haven't heard

Because you're being a dense muppet?

arandomusername1y ago

> I mean, I can't help you there if that's your expectation that serverless functions will always run correctly.

Crashing, failing I/O, are expected. What's not expected is logic code being ignored. I can't take you serious when you think it's acceptable to just skip past parts of your code.

If you think bypassing middlewares is acceptable you are completely deluded. But I guess that's needed to pay $150/TB for bandwidth.

1 more reply

j / k navigate · click thread line to collapse

0 comments

arandomusername1y ago

Isn't next.js the "source system" (or whatever that means) in most cases, since most apps are just next.js + database? I don't use next.js but my understanding is it does both backend and frontend.

You will never bypass middleware on my services because they actually always run. If you can't rely on your middleware then you are using the wrong tech.

From next.js homepage > Middleware > Take control of the incoming request. Use code to define routing and access rules for authentication, experimentation, and internationalization.

whoknowsidontOP1y ago

>Isn't next.js the "source system"

>If you can't rely on your middleware then you are using the wrong tech.

"If you can't rely on server less functions to run"

I mean, I can't help you there if that's your expectation that serverless functions will always run correctly.

>Just attempt to shrug it away as a "trust me bro" check.

If you lose identity and your system just chugs along anyway then there isn't a tech stack in the world that can help you.

>I haven't heard

Because you're being a dense muppet?

arandomusername1y ago

> I mean, I can't help you there if that's your expectation that serverless functions will always run correctly.

Crashing, failing I/O, are expected. What's not expected is logic code being ignored. I can't take you serious when you think it's acceptable to just skip past parts of your code.

If you think bypassing middlewares is acceptable you are completely deluded. But I guess that's needed to pay $150/TB for bandwidth.

1 more reply

j / k navigate · click thread line to collapse