Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getServerSession is null in route handlers when I call the api from server component - next13 app directopry #7693

Closed
rezaaa opened this issue May 31, 2023 · 4 comments
Closed

getServerSession is null in route handlers when I call the api from server component - next13 app directopry #7693

rezaaa opened this issue May 31, 2023 · 4 comments
Labels
triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@rezaaa
Copy link

rezaaa commented May 31, 2023

Environment

next 13.4.3 and next-auth ^4.22.1

Reproduction URL

Describe the issue

Hi

I'm using next 13.4.3 and next-auth ^4.22.1 and this is my API folder:

image

properties/route.ts

export async function GET() {
  const session = await getServerSession(authOptions)
  if (!session) {
    return new Response("Unauthorized", { status: 403 })
  }
  const response = await fetch(`${getApiUrl()}${PROPERTIES}`,
    {
      headers: {
        'content-type': 'application/json',
        "Authorization": `Bearer ${session?.tokens?.access_token}`
      }
    }
  );
  const data = await response.json();
  return new Response(JSON.stringify(data), {
    status: 200,
    headers: {
      'content-type': 'application/json'
    }
  });
}

When I call be API from a server component, the session is null but when I call it from a client component it works!

How to reproduce

Expected behavior
@rezaaa rezaaa added the triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. label May 31, 2023
@joulev
Copy link

joulev commented Jun 1, 2023

The reason is that when you fetch route handlers from server components, cookies are not available (it's only available when the request is made from the browser).

This is not a bug; you shouldn't fetch route handlers inside server components, instead just use the route handlers logic in server components directly. Instead of

export default async function Page() {
  const res = await fetch("http://localhost:3000/api/user?uid=123456");
  const user = await res.json();
  return <div>{user?.name}</div>;
}

use

import { prisma } from "~/lib/prisma";

export default async function Page() {
  const user = await prisma.user.findUnique({ where: { id: 123456 } });
  return <div>{user?.name}</div>;
}

@balazsorban44
Copy link
Member

Duplicate. See #7423 (comment)

(Please search through old issues before opening a new one. 🙏)

@CodeOnTheWall
Copy link

But how would you do a post/delete/patch then? how do we protect the api routes so that people cant send postman requets to our api routes that are respondible for post/patch/delete? would we just still do that on a protected server component and for example if the db is with mongo, we would directly do mongoose methods on our model from the server component instead of doing that logic inside the api route?

@sheleoni sheleoni mentioned this issue Aug 31, 2023
Closed
@Gyurmatag
Copy link

@balazsorban44 what if I want to use server actions but I also want to build an API that is available for the public (with authentication) from my backend Next.js project?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rezaaa @balazsorban44 @Gyurmatag @joulev @CodeOnTheWall