Authentication
Setup
Authentication is securely handled by NextAuth.js (v5 beta).
Session Strategy
jwt (Stateless).
Role Matrix
| Permission | Owner | Admin | Editor | Viewer |
|------------|-------|-------|--------|--------|
| Login | ✅ | ✅ | ✅ | ✅ |
| View Content | ✅ | ✅ | ✅ | ✅ |
| Edit Content | ✅ | ✅ | ✅ | ❌ |
| Configure Settings | ✅ | ✅ | ❌ | ❌ |
| Invite Users | ✅ | ✅ | ❌ | ❌ |
| Delete Owner | ❌ | ❌ | ❌ | ❌ |
Protecting Routes
Secure usage in Server Components:
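```tsx
import { auth } from "@/auth";

export async function Page() {
  // auth() resolves to null when there is no valid session
  const session = await auth();
  // Deny unless the session carries the ADMIN role; optional chaining
  // also covers a session object without a user
  if (session?.user?.role !== 'ADMIN') {
    return <div>Access Denied</div>;
  }
  // ...
}
```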
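The role matrix above can be enforced as a deny-by-default permission check rather than a single role comparison. This is an added example, not code from the original page or the project. The role strings other than 'ADMIN', the permission identifiers, and the `authorize` helper are assumptions made for illustration.

```typescript
// Added example. Role names other than 'ADMIN' and all permission
// identifiers are assumed; the page does not define them.
type Role = "OWNER" | "ADMIN" | "EDITOR" | "VIEWER";
type Permission =
  | "login" | "content:view" | "content:edit"
  | "settings:configure" | "users:invite" | "owner:delete";

// Rows of the role matrix. "owner:delete" is granted to nobody.
// A Map is used so a role claim such as "constructor" or "__proto__"
// cannot resolve to an inherited Object property.
const GRANTS = new Map<Role, ReadonlySet<Permission>>([
  ["OWNER", new Set<Permission>(["login", "content:view", "content:edit", "settings:configure", "users:invite"])],
  ["ADMIN", new Set<Permission>(["login", "content:view", "content:edit", "settings:configure", "users:invite"])],
  ["EDITOR", new Set<Permission>(["login", "content:view", "content:edit"])],
  ["VIEWER", new Set<Permission>(["login", "content:view"])],
]);

// Minimal shape of the value returned by auth(); the role claim is
// treated as untrusted until it matches a known role exactly.
interface SessionLike { user?: { role?: unknown } }

type Decision =
  | { allowed: true; role: Role }
  | { allowed: false; status: 401 | 403; reason: string };

function authorize(session: SessionLike | null | undefined, permission: Permission): Decision {
  // No session at all: unauthenticated (401), distinct from forbidden (403).
  if (!session?.user) {
    return { allowed: false, status: 401, reason: "no session" };
  }
  const claim = session.user.role;
  // Exact, case-sensitive match only: unknown or malformed claims get no rights.
  const grants = typeof claim === "string" ? GRANTS.get(claim as Role) : undefined;
  if (!grants) {
    return { allowed: false, status: 403, reason: "unrecognised role" };
  }
  if (!grants.has(permission)) {
    return { allowed: false, status: 403, reason: `role lacks ${permission}` };
  }
  return { allowed: true, role: claim as Role };
}
```

In a Server Component the result of `await auth()` would be passed as the first argument, and the page rendered only when `allowed` is true.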

