@storyofams/next-password-protect
Advanced tools
Password protect your Next.js deployments. View demo (Password is secret)
This library adds a password prompt to your Next.js deployment. It consists of two main parts:
Important: The recommended use case for this library is in a staging or preview environment. By taking advantage of webpack's DefinePlugin, we can make sure this library is only included in certain environments, keeping the production bundle size small.
This library is NOT meant as a secure password authentication wrapper, but rather as a way to keep nosey people out.
yarn add @storyofams/next-password-protect
# or
npm install @storyofams/next-password-protect
There are 3 steps to enabling password protect: setting a global variable, adding the API routes, and adding the HOC to _app.
In order to be able to take advantage of dead code elimination, it is recommended to add an environment variable like process.env.PASSWORD_PROTECT, and enable the library based on that variable. To set this variable, add the following to next.config.js:
module.exports = {
env: {
// Add any logic you want here, returning `true` to enable password protect.
PASSWORD_PROTECT: process.env.ENVIRONMENT === 'staging',
}
});
Add two api routes, one with the loginHandler and one with the passwordCheckHandler api function. You can name them anything, as long as you pass the names to loginApiPath and checkApiPath respectively, in the next step. By default it expects /login and /passwordCheck.
import { loginHandler } from "@storyofams/next-password-protect";
export default loginHandler("YOUR_SECRET_PASSWORD", {
// Options go here (optional)
cookieName: "next-password-protect",
});
import { passwordCheckHandler } from "@storyofams/next-password-protect";
export default passwordCheckHandler("YOUR_SECRET_PASSWORD", {
// Options go here (optional)
cookieName: "next-password-protect",
});
Add the withPasswordProtect HOC to the default export of App in pages/_app.tsx:
import { withPasswordProtect } from "@storyofams/next-password-protect";
// Before: export default App;
export default process.env.PASSWORD_PROTECT
? withPasswordProtect(App, {
// Options go here (optional)
loginApiPath: "/login",
cookieName: "next-password-protect",
})
: App;
Note: make sure to specify loginApiPath and/or loginApiPath if the api route(s) are not default.
loginHandler(password: string, options)
The options object can contain any of the following options:
| Option | Description | Default value |
|---|---|---|
cookieMaxAge | Cookie Max-Age attribute | undefined |
cookieName | The name of the authorization cookie | 'next-password-protect' |
cookieSameSite | SameSite cookie attribute | false |
cookieSecure | Secure flag on the cookie | process.env.NODE_ENV === 'production' |
passwordCheckHandler(password: string, options)
The options object can contain any of the following options:
| Option | Description | Default value |
|---|---|---|
cookieName | The name of the authorization cookie | 'next-password-protect' |
withPasswordProtect(App: NextApp, options)
The options object can contain any of the following options:
| Option | Description | Default value |
|---|---|---|
cookieName | The name of the authorization cookie | 'next-password-protect' |
checkApiUrl | Relative path of the api route handled by passwordCheckHandler | '/api/passwordCheck' |
loginApiUrl | Relative path of the api route handled by loginHandler | '/api/login' |
loginComponent | Supply your own React component to show as login prompt | LoginComponent |
loginComponentProps | Properties object to customize the login prompt, without overriding the entire component (see below) | {} |
The loginComponentProps object can contain any of the following options:
| Option | Description | Default value |
|---|---|---|
backUrl | Show a link with this URL to go back to main website | undefined |
buttonBackgroundColor | Login button background color | '#01EDBC' |
buttonColor | Login button color | '#111' |
logo | Show a logo above the prompt (img src) | undefined |
To change the default login component, a React component can be supplied to the withPasswordProtect HOC. In order for the library to function properly, make sure your login component has password input that is validated by the the api route.
You can use src/hoc/LoginComponent.tsx as a starting point.
AMP is not yet supported, because the LoginComponent failed AMP validation. On an AMP page, nothing is rendered. This could be fixed by changing LoginComponent to valid AMP.
FAQs
Password protect your Next.js deployments.
We found that @storyofams/next-password-protect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.
Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.
Product
Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.