How to

Setup

Project Configuration Branding Updating the Logo Updating the Fonts Updating the Favicons Environment variables Setting up Emails

Marketing Pages

Updating the Navigation menu Adding Pages

User Interface

Dark Theme Theming

Application Pages

Adding Pages Updating the Sidebar menu Passing data from server to client Guarding Pages

Authentication

Change Authentication strategy Require Email Verification

API Routes

Adding API Routes Guarding an API Route Calling API Routes from the client Checking CSRF Tokens

Contextual Data

Fetching the signed in User Fetching the selected Organization

Reading Data

Reading a Document Reading a list of Documents

Writing Data

Creating a Document Updating a Document Deleting a Document

Payments

Configuring Plans Running the Stripe Webhook locally Using Lemon Squeezy instead of Stripe

Translations

Adding a new translation string Setting a Default Language Adding a new language Using the Language Switcher Detect current Locale

Getting Started

Introduction Technical Details Clone the repository Running the application Coding Conventions

Configuration

Global Configuration Setting up your Firebase Project Feature Flags Setting up Firebase Functions

Architecture

Architecture and Folder Structure Structure your Application Data Model

UI

Tailwind CSS Shadcn UI Themes

Authentication

Auth Overview Setting up Firebase Auth Auth Flow Third-Party Providers Email Link Authentication Multi-Factor Authentication Requiring Email verification Auth SSR Page Guards API Guards Prevent abuse with AppCheck Custom React Hooks Troubleshooting

Data Fetching

Writing data to Firestore Fetching data from Firestore API requests Reading data from Storage Uploading data to Storage Writing your own Fetch

Development

Building Features Commands Code Style Security Rules Translations and Locales Sending Emails Writing API Routes Validating API payload with Zod Logging Enable CORS Encrypting Secrets User Roles

Payments

Stripe Configuration Stripe Webhooks One-Time Payments Migrate to Lemon Squeezy Disable Stripe

Admin

Overview Adding Admins

Blog and Docs

Overview Blog Documentation Search Functionality

Organizations

Overview Extending Organizations User Permissions Subscription Permissions Custom React Hooks

Utilities

MDX React Hooks

Migrations

Migrating to 0.11.0

Testing

Running Tests CI Tests Limitations

Going to Production

Production Checklist Environment Variables Security Rules

Plugins

Cookie Banner Feedback Popup AI Chatbot

API Reference

Reactfire useCurrentOrganization useCurrentUserRole useUserSession useIsSubscriptionActive withAppProps withTranslationProps withAuthProps withPipe withMethodsGuard withAuthedUser withExceptionFilter withCsrf

withCsrf

The "withCsrf" is a utility function that help you protect API endpoints from CSRF attacks.

The withCsrf function is used to protect API endpoints from CSRF attacks. It will return a 403 error if the CSRF token is invalid.


import { NextApiRequest,NextApiResponse } from "next";
 
import { withAuthedUser } from '~/core/middleware/with-authed-user';
import { withPipe } from '~/core/middleware/with-pipe';
import { withExceptionFilter } from '~/core/middleware/with-exception-filter';
import { withCsrf } from '~/core/middleware/with-csrf';
 
export default function owner(req: NextApiRequest, res: NextApiResponse) {
  const handler = withPipe(
    withCsrf(),
    withAuthedUser,
    (req, res) => {
      res.status(200).json({ message: 'Hello World!' });
    }
  );
 
  return withExceptionFilter(req, res)(handler);
}

PreviouswithExceptionFilter

Subscribe to our Newsletter

Get the latest updates about React, Remix, Next.js, Firebase, Supabase and Tailwind CSS