useSession()useSession(options?) => Partial<PublicData> & {isLoading: boolean}
import { useSession } from "blitz"
const session = useSession()options:initialPublicData: PublicData - Use this with SSR to set public data
from the server sessionsuspense: boolean - Defaults to truesession: Partial<PublicData> & {isLoading: boolean}useAuthenticatedSession()useAuthenticatedSession(options?) => PublicData & {isLoading: boolean}
This will throw AuthenticationError if the user is not logged in
import { useAuthenticatedSession } from "blitz"
const session = useAuthenticatedSession()options:initialPublicData: PublicData - Use this with SSR to set public data
from the server sessionsuspense: boolean - Defaults to truesession: PublicData & {isLoading: boolean}useAuthorize()useAuthorize() => void
This will throw AuthenticationError if the user is not logged in
import { useAuthorize } from "blitz"
useAuthorize()useRedirectAuthenticated()useRedirectAuthenticated(to: string) => void
This will redirect a logged in user to the given url path. It does nothing for logged out users.
import { useRedirectAuthenticated } from "blitz"
useRedirectAuthenticated("/dashboard")to: stringgenerateToken()generateToken(numberOfCharacters: number = 32) => stringThis is a convenience wrapper around nanoid for generating tokens for things like password resets.
import { generateToken } from "blitz"
const token = generateToken()hash256()hash256(value: string) => stringThis is a convenience wrapper that uses the node
crypto module to hash a string with
the sha256 algorithm. It is used for things like hashing password reset
tokens before saving them in the database.
import { hash256 } from "blitz"
const hashedToken = hash256(token)SecurePasswordSecurePassword is a convenience wrapper around
secure-password to provide
a nice way to hash passwords and verify password hashes.
import { SecurePassword } from "blitz"
await SecurePassword.hash(password)
await SecurePassword.verify(passwordHash, password)SecurePassword.hash(password: string) => Promise<string>This is used when a user sets a new password.
It takes a password string and returns a secure hash for storing in your database.
SecurePassword.verify(passwordHash: string, password: string) => Promise<ResultCode>This is used when a user logs in to verify they used the correct password.
It takes a password hash from your database and the given password. It
will verify the given password is correct and return a result code, or if
incorrect, it will throw AuthenticationError.
SecurePassword.VALID
The password was verified and is valid
SecurePassword.VALID_NEEDS_REHASH
The password was verified and is valid, but needs to be rehashed with new parameters
SecurePassword.HASH_BYTES
Size of the hash Buffer returned by hash and hashSync and used by
verify and verifySync.
import { SecurePassword, AuthenticationError } from "blitz"
import db from "db"
export const authenticateUser = async (
email: string,
password: string
) => {
const user = await db.user.findFirst({ where: { email } })
if (!user) throw new AuthenticationError()
const result = await SecurePassword.verify(
user.hashedPassword,
password
)
if (result === SecurePassword.VALID_NEEDS_REHASH) {
// Upgrade hashed password with a more secure hash
const improvedHash = await SecurePassword.hash(password)
await db.user.update({
where: { id: user.id },
data: { hashedPassword: improvedHash },
})
}
const { hashedPassword, ...rest } = user
return rest
}