Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:FlowiseAI Flowise RequireAuth

From Leeroopedia
Knowledge Sources
Domains Authorization, Routing
Last Updated 2026-02-12 07:00 GMT

Overview

RequireAuth is a React route guard component that enforces authentication, permission checks, and feature flag validation before rendering its children, redirecting unauthorized users to login or unauthorized pages.

Description

The RequireAuth component implements a multi-step authorization pipeline. First, it waits for the config to load. Then it checks if the user is authenticated (redirecting to /login if not). For open-source deployments, it renders children unless a display flag is specified (feature-flagged routes are not shown in open-source mode). For cloud and enterprise deployments, it checks both RBAC permissions (via useAuth().hasPermission) and feature flags (via a checkFeatureFlag helper). Global administrators bypass permission checks but are still subject to feature flag checks. The helper checkFeatureFlag validates that the features object exists, is not empty, and that the specific flag is enabled (true or "true").

Usage

Use this component to wrap any route element that requires authentication and/or specific permissions. It is used extensively in CanvasRoutes and MainRoutes to guard individual pages.

Code Reference

Source Location

Signature

const checkFeatureFlag = (features, display, children) => { ... }

export const RequireAuth = ({ permission, display, children }) => { ... }

RequireAuth.propTypes = {
    permission: PropTypes.string,
    display: PropTypes.string,
    children: PropTypes.element
}

Import

import { RequireAuth } from '@/routes/RequireAuth'

I/O Contract

Inputs

Name Type Required Description
permission string No Comma-separated permission ID(s) to check (e.g., chatflows:view, templates:marketplace,templates:custom). If omitted, no permission check is performed.
display string No Feature flag key to check (e.g., feat:datasets). If specified, the route is only accessible when the flag is enabled. In open-source mode, routes with a display flag redirect to unauthorized.
children element Yes The React element to render when all authorization checks pass.

Outputs

Name Type Description
JSX React.ReactElement Renders children if authorized, Navigate to /login if unauthenticated, Navigate to /unauthorized if permission or feature check fails, or null while config is loading.

Authorization Flow

  1. Wait for config to load (return null during loading)
  2. Check authentication: redirect to /login if currentUser is null
  3. Open Source mode: render children if no display flag; redirect to /unauthorized if display is set
  4. Cloud / Enterprise mode:
    1. If display is set: verify permissions exist, check global admin status, validate feature flag
    2. If display is not set: check permission (global admins bypass)
  5. Fallback: redirect to /unauthorized

Usage Examples

Basic Usage

import { RequireAuth } from '@/routes/RequireAuth'

// In route configuration
{
    path: '/chatflows',
    element: (
        <RequireAuth permission="chatflows:view">
            <Chatflows />
        </RequireAuth>
    )
}

With Feature Flag

{
    path: '/datasets',
    element: (
        <RequireAuth permission="datasets:view" display="feat:datasets">
            <Datasets />
        </RequireAuth>
    )
}

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:FlowiseAI_Flowise_RequireAuth&oldid=2855"