fastify-nextjs
csrf-protection
fastify-nextjs | csrf-protection | |
---|---|---|
1 | 1 | |
516 | 132 | |
1.0% | 3.0% | |
8.9 | 6.2 | |
4 days ago | 18 days ago | |
JavaScript | JavaScript | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fastify-nextjs
-
Auth.js Authentication for the Web
I like fastify more than express due to the great opinions (json schema, hooks etc). I use fastify + the fastify-nextjs plugin. It works great and lets you expose custom request decorations from node.js to next.js.
Maybe this can help you too: https://github.com/fastify/fastify-nextjs
The only drawback is the slow startup time of next.js, which becomes really annoying with huge next.js projects. But for smaller projects, fastify-nextjs is fine.
csrf-protection
-
Secure CSRF alternative to csurf
First of all, fastify/csrf-protection * Their default getTokenValue is okay as it is retrieving the token value from custom headers, which can only be sent by JS on the same domain. It does not have the same body/query param fall back like csurf. * They introduced a "userInfo" property in order to avoid session-hijacking, however, in doing this, they introduced a BIG problem. * If you use their userInfo option, you can no longer use their protection to protect unauthenticated routes. * Session hijacking should be resolved by destroying and re-creating sessions after login and after logout, it should NOT be dependent on the CSRF protection layer. * They are using their own fork of csrf which was originally used by csurf and is a tad outdated, this protection does not let you configure the size of your tokens.
What are some alternatives?
nextjs-postgres-auth-starter - Next.js + Tailwind + Typescript + Drizzle + NextAuth + PostgreSQL starter template.
fastify-rate-limit - A low overhead rate limiter for your routes
nextjs-mysql-auth-starter - Next.js + Tailwind + Typescript + Prisma + NextAuth + PostgreSQL starter template. [Moved to: https://github.com/vercel/nextjs-postgres-auth-starter]
fastify-swagger - Swagger documentation generator for Fastify
fastify-vite - Fastify plugin for Vite integration.
create-jd-app - The quickest and most efficient way to start new full stack, type safed Solid web app
next-auth - Authentication for the Web.
edc_password_generator_next
fastify-oauth2 - Enable to perform login using oauth2 protocol
Keycloak - Open Source Identity and Access Management For Modern Applications and Services