Server Utilities

requireAuth

The requireAuth helper is a protective wrapper for Server Actions and API handlers. It ensures that only authenticated requests proceed to execute sensitive logic.

Usage

Call this at the beginning of your Server Action to secure the operation:

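"use server"; // Next.js directive that marks the exports of this file as Server Actions

import { requireAuth } from "@ezz-auth/next";
import { db } from "@/lib/db"; // assumption: path to your application's own database client

export async function updateUserData(formData) {
  // Guard clause: throws if unauthenticated
  const user = await requireAuth();

  // Logic only runs if user is valid.
  // The record is selected by the session's user.id, not by a value sent from the client.
  const result = await db.user.update({
    where: { id: user.id },
    data: { name: formData.get("name") }
  });

  return result;
}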

Security Principles

Strict Enforcement

Executes a mandatory session check on the server before any subsequent code can run.

Bypass Protection

Unlike client-side checks, this cannot be bypassed by manipulating the browser state or JS console.

Immediate Halt

Automatically throws an unauthorized error or triggers a redirect if the session is invalid.
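
The guard-first ordering described under Strict Enforcement and Immediate Halt can be observed with a small in-memory model. This is an added example, not code from @ezz-auth/next: requireAuthStub, the explicit token argument, UnauthorizedError and the Map-backed stores are hypothetical stand-ins, and all sample data is constructed.

```javascript
class UnauthorizedError extends Error {}

// Constructed in-memory app. requireAuthStub is a hypothetical stand-in for
// requireAuth(); the real helper reads the session from the request itself.
function createApp() {
  const sessions = new Map([["tok-alice", { id: "u1" }]]);
  const users = new Map([
    ["u1", { id: "u1", name: "Alice" }],
    ["u2", { id: "u2", name: "Bob" }],
  ]);
  let writes = 0; // counts database writes so the halt is observable

  async function requireAuthStub(token) {
    const user = sessions.get(token);
    if (!user) throw new UnauthorizedError("unauthorized");
    return user;
  }

  async function updateUserData(token, formData) {
    const user = await requireAuthStub(token); // guard runs before anything else
    const name = formData.get("name");
    // FormData values can be null or a File: accept only a bounded string.
    if (typeof name !== "string" || name.length === 0 || name.length > 100) {
      throw new TypeError("invalid name");
    }
    // The row is selected by the session's id; a submitted "id" field is never read.
    writes += 1;
    const row = { ...users.get(user.id), name };
    users.set(user.id, row);
    return row;
  }
  return { updateUserData, users, writeCount: () => writes };
}

async function demo() {
  const app = createApp();
  const noSession = new FormData(); // request without a valid session
  noSession.set("name", "X");
  const rejected = await app.updateUserData("tok-unknown", noSession)
    .then(() => false, (e) => e instanceof UnauthorizedError);
  const writesAfterReject = app.writeCount();
  const form = new FormData(); // valid session, plus a stray "id" field
  form.set("id", "u2");
  form.set("name", "Alice B.");
  const updated = await app.updateUserData("tok-alice", form);
  return { rejected, writesAfterReject, updated, bob: app.users.get("u2").name };
}

demo().then((result) => console.log(result));
```

The rejected call leaves the write counter at zero, and the authenticated call changes only the session owner's row even though the form carried another user's id.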