🚀Announcing Flightcontrol - Easily Deploy Blitz.js and Next.js to AWS 🚀
Back to Documentation Menu

Auth Hooks & Utilities

Topics

Jump to a Topic

useSession()

useSession(options?) => Partial<PublicData> & {isLoading: boolean}

Example

import { useSession } from "@blitzjs/auth"

const session = useSession()

Arguments

  • options:
    • Optional
    • initialPublicData: PublicData - Use this with SSR to set public data from the server session
    • suspense: boolean - Defaults to true

Returns

  • session: Partial<PublicData> & {isLoading: boolean}

useAuthenticatedSession()

useAuthenticatedSession(options?) => PublicData & {isLoading: boolean}

This will throw AuthenticationError if the user is not logged in

Example

import { useAuthenticatedSession } from "@blitzjs/auth"

const session = useAuthenticatedSession()

Arguments

  • options:
    • Optional
    • initialPublicData: PublicData - Use this with SSR to set public data from the server session
    • suspense: boolean - Defaults to true

Returns

  • session: PublicData & {isLoading: boolean}

useAuthorize()

useAuthorize() => void

This will throw AuthenticationError if the user is not logged in

Example

import { useAuthorize } from "@blitzjs/auth"

useAuthorize()

Arguments

  • None

Returns

  • Nothing

useRedirectAuthenticated()

useRedirectAuthenticated(to: string) => void

This will redirect a logged in user to the given url path. It does nothing for logged out users.

Example

import { useRedirectAuthenticated } from "@blitzjs/auth"

useRedirectAuthenticated("/dashboard")

Arguments

  • to: string
    • Required
    • The url path to redirect logged in users to

Returns

  • Nothing

generateToken()

generateToken(numberOfCharacters: number = 32) => string

This is a convenience wrapper around nanoid for generating tokens for things like password resets.

Example Usage

import { generateToken } from "@blitzjs/auth"

const token = generateToken()

hash256()

hash256(value: string) => string

This is a convenience wrapper that uses the node crypto module to hash a string with the sha256 algorithm. It is used for things like hashing password reset tokens before saving them in the database.

Hash256 is also useful for storing strings like API keys in the database because the returned hash will always be the same for a given string. Therefore, you can still verify that an API key exists in the database when the only value you have to reference is the hashed key.

Example Usage

import { hash256 } from "@blitzjs/auth"

const hashedToken = hash256(token)

SecurePassword

SecurePassword is a convenience wrapper around secure-password to provide a nice way to hash passwords and verify password hashes.

import { SecurePassword } from "@blitzjs/auth"

await SecurePassword.hash(password)
await SecurePassword.verify(passwordHash, password)

SecurePassword.hash(password: string) => Promise<string>

This is used when a user sets a new password.

It takes a password string and returns a secure hash for storing in your database.

SecurePassword.hash will return a different hash when given the same string, hence the necessity of SecurePassword.verify to compare hashes.

SecurePassword.verify(passwordHash: string, password: string) => Promise<ResultCode>

This is used when a user logs in to verify they used the correct password.

It takes a password hash from your database and the given password. It will verify the given password is correct and return a result code, or if incorrect, it will throw AuthenticationError.

Result Codes

SecurePassword.VALID

The password was verified and is valid

SecurePassword.VALID_NEEDS_REHASH

The password was verified and is valid, but needs to be rehashed with new parameters

SecurePassword.HASH_BYTES

Size of the hash Buffer returned by hash and hashSync and used by verify and verifySync.

Example Usage

import { AuthenticationError } from "blitz"
import { SecurePassword } from "@blitzjs/auth"
import db from "db"

export const authenticateUser = async (
  email: string,
  password: string
) => {
  const user = await db.user.findFirst({ where: { email } })
  if (!user) throw new AuthenticationError()

  const result = await SecurePassword.verify(
    user.hashedPassword,
    password
  )

  if (result === SecurePassword.VALID_NEEDS_REHASH) {
    // Upgrade hashed password with a more secure hash
    const improvedHash = await SecurePassword.hash(password)
    await db.user.update({
      where: { id: user.id },
      data: { hashedPassword: improvedHash },
    })
  }

  const { hashedPassword, ...rest } = user
  return rest
}

setPublicDataForUser()

setPublicDataForUser(userId: PublicData['userId'], publicData: Record<any, any>) => void

This can be used to update the publicData of a user's sessions. It can be useful when changing a user's role, since the new permissions can be enforced as soon as the user is doing the next request.

Example Usage

import { setPublicDataForUser } from "@blitzjs/auth"
import db from "db"

export const updateUserRole = async (
  userId: PublicData["userId"],
  role: string
) => {
  // update the user's role
  await db.user.update({ where: { id: userId }, data: { role } })
  // update role in all active sessions
  await setPublicDataForUser(userId, { role })
}

Idea for improving this page? Edit it on GitHub.