How can I authenticate users when they call an api route on nextjs?

[tenkaiguy]

First off, thanks for making this library! I'm new to this and it really helped me learn a lot setting up auth.

import { NextRequest, NextResponse } from "next/server";

export async function GET(
  req: NextRequest,
) {
  console.log(req);
  // Return response
  return NextResponse.json({ message: "ok" }, { status: 200 });
}

For authenticating api side, what is the best way to do it? From what I understand, most uses Bearer token in the request headers, but how can I retrieve the Bearer token from lucia and attach it when the client is fetching data from the API? It doesn't exist when I console.log(req) even though I'm logged in.

  headers: Headers {
    host: 'localhost:3000',
    connection: 'keep-alive',
    accept: '*/*',
    'accept-language': '*',
    'sec-fetch-mode': 'cors',
    'user-agent': 'node',
    'accept-encoding': 'gzip, deflate',
    'x-forwarded-host': 'localhost:3000',
    'x-forwarded-port': '3000',
    'x-forwarded-proto': 'http',
    'x-forwarded-for': '::1'
  },

Sorry if I asked some dumb questions, but appreciate any help!

[pilcrowonpaper]

Well for bearer tokens, you need to manually attach the token in the Authorization header:

POST https://example.com/user
Authorization: Bearer <TOKEN>

And then you could do

const authorizationHeader = req.headers.get("Authorization");
if (authorizationHeader === null) {
  res.writeHeader(401);
  return;
}
const parts = authorizationHeader.split(" ");
if (parts.length !== 2 || (parts[0] !== "Bearer") {
  res.writeHeader(401);
  return;
}
const sessionToken = parts[1];

(this doesn't use a specific API)