by joseferben
515 days ago
for example: imo it's easier to spot the authn/authz issue here

  export default function handler(
    req: NextApiRequest,
    res: NextApiResponse<ResponseData>
  ) {
    // updating user details without authn/authz
  }

than here

  "use server"
  export async function updateUser(email: string, age: number) {
    // updating user details without authn/authz
  }

without having read any next docs.

engineers got trained to consider authn/authz the moment they see "http route/endpoint", maybe being more explicit about what happens in the api would help? or next could provide an authn api for server actions that authn providers would implement?
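One shape the provider-implemented authn API suggested in the comment above could take, as an added sketch that is not part of the original comment and not a Next.js API. `protectedAction`, `SessionResolver`, `ActionAuthError`, `makeUpdateUser` and the in-memory `users` map are all hypothetical names, and the session resolver is injected so the example runs without a framework.

```typescript
// Added sketch, not a Next.js API: every name below is hypothetical.
type Session = { userId: string; email: string; roles: string[] };

// What an authn provider would implement: resolve the caller from the request
// (cookies/headers in a real app), or null when nobody is signed in.
type SessionResolver = () => Promise<Session | null>;

class ActionAuthError extends Error {
  code: "UNAUTHENTICATED" | "FORBIDDEN";
  constructor(code: "UNAUTHENTICATED" | "FORBIDDEN") {
    super(code);
    this.code = code;
  }
}

// Wraps a server action so the authn and authz checks sit at its definition.
function protectedAction<A extends unknown[], R>(
  resolve: SessionResolver,
  authorize: (session: Session, ...args: A) => boolean,
  action: (session: Session, ...args: A) => Promise<R>
): (...args: A) => Promise<R> {
  return async (...args: A): Promise<R> => {
    const session = await resolve();
    if (session === null) throw new ActionAuthError("UNAUTHENTICATED");
    if (!authorize(session, ...args)) throw new ActionAuthError("FORBIDDEN");
    return action(session, ...args);
  };
}

// Constructed in-memory data standing in for a database.
const users = new Map<string, { age: number }>([
  ["a@example.com", { age: 30 }],
  ["b@example.com", { age: 41 }],
]);

// In an app this would live in a "use server" file with a fixed resolver.
function makeUpdateUser(resolve: SessionResolver) {
  return protectedAction<[string, number], { email: string; age: number }>(
    resolve,
    // authz: callers may edit only their own record unless they are admins
    (s, email) => s.email === email || s.roles.indexOf("admin") !== -1,
    async (_s, email, age) => {
      const row = users.get(email);
      if (!row) throw new Error("no such user");
      row.age = age;
      return { email, age };
    }
  );
}
```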