Advanced

Auth

Edit this page

Server functions can be used to protect sensitive resources like user data.

"use server"
async function getPrivatePosts() {
const user = await getUser()
if(!user) {
return null // or throw an error
}
return db.getPosts({ userId: user.id, private: true })
}

The getUser function can be implemented using sessions.


Protected Routes

Routes can be protected by checking the user or session object during data fetching. This example uses Solid Router.

const getPrivatePosts = cache(async function() {
"use server"
const user = await getUser()
if(!user) {
throw redirect("/login");
}
return db.getPosts({ userId: user.id, private: true })
})
export const route = {
load() {
void getPrivatePosts()
}
} satisfies RouteDefinition

Once the user hits this route, the router will immediately attempt to fetch getPrivatePosts data. If the user is not signed in, getPrivatePosts will throw and the router will redirect to the login page.

Report an issue with this page