csdojo-defaang / defaang

A website that will curate recently-asked interview questions from FAANG+. Currently inactive. Check out: https://github.com/ykdojo/OpenStream
MIT License

[BUG] Figure out a better way to redirect from the question submission page #271

Closed ykdojo closed 1 year ago

ykdojo commented 1 year ago

Description

When you try to go to the question submission page before logging in, you're redirected to the signup page.

This behavior is good, but with the current redirect method, the back button doesn't work.

Is there a better way to redirect to avoid this issue?

Olyno commented 1 year ago

Hi 👋🏻 I could help. Can you show me where the redirection is?

ykdojo commented 1 year ago

@Olyno thank you. Did you try finding it yourself first?

Olyno commented 1 year ago

Actually, I had a look at the code and got confused by how Supabase was used. I'm not sure why you're using Supabase on the server side only, while you could use it on the client.

I think the way to solve your issue would be to move the auth security to the server side, and remove the session object to use the user object from Supabase directly, using the Supabase auth helper. I can do it for you if that's okay.

sanyamjain04 commented 1 year ago

I have solved this issue in one line. Can I create a PR @ykdojo ?

ykdojo commented 1 year ago

> Actually, I had a look at the code and got confused by how Supabase was used. I'm not sure why you're using Supabase on the server side only, while you could use it on the client.

This repo will hopefully help you understand it better: https://github.com/ykdojo/supabase-nextjs-simple-auth

Olyno commented 1 year ago

> This repo will hopefully help you understand it better: ykdojo/supabase-nextjs-simple-auth

I mean, look at the PR I did; this is completely different.

ykdojo commented 1 year ago

@Olyno did you look through this repo though?

Olyno commented 1 year ago

I looked at the repo, and this one is exactly like the current one. Both repos use an authentication system on the client with local storage, which is a bad practice in my opinion.

Supabase provides many tools to make authentication simple, but you are using localStorage as verification, which is not secure at all.

ykdojo commented 1 year ago

How would you recommend that we implement this then?

Olyno commented 1 year ago

As I said, the best would be to use the tools that Supabase offers, and to do the authentication in SSR if you use a server part. If you use only the client, in that case the client should be preferred, but that is not your case.

You can see the implementation I recommend in PR #272

ykdojo commented 1 year ago

Thank you. I added a comment on #272

Akshay1018 commented 1 year ago

https://user-images.githubusercontent.com/62614172/194637365-9692c409-3c48-4abf-b139-9c191ff73105.mp4

Akshay1018 commented 1 year ago

I tried to solve it on my local machine. My approach is to take the session as a prop and, while routing to the submit question page using href, add a ternary check: if the session is there, redirect to the add question page, otherwise to the signup page.

Akshay1018 commented 1 year ago

Another way to resolve this issue is by adding private routes for the pages where we need the user to be logged in.
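
The thread contrasts a client-side session check with a server-side gate for the question submission page. The sketch below is an added example, not code from defaang, from PR #272 or from any commenter: it makes the redirect decision on the server from a signed cookie and returns the redirect object shape used by Next.js `getServerSideProps`. The HMAC-signed cookie is a stand-in for a Supabase session, and `signSession`, `verifySession`, `guardSubmitPage`, the `session` cookie name, the `/signup` path and the secret are assumptions.

```javascript
// Added example (not defaang code). All names and values are hypothetical.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: read from server-side env in practice
const LOGIN_PATH = '/signup';             // assumption: path of the signup page

function hmac(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Issue "userId.expiryMs.signature" (stand-in for a server-issued session token).
// Constructed user ids must not contain dots.
function signSession(userId, expiresAtMs) {
  const payload = `${userId}.${expiresAtMs}`;
  return `${payload}.${hmac(payload)}`;
}

// Return the user id when the token is authentic and unexpired, otherwise null.
function verifySession(token, nowMs = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [userId, exp, sig] = parts;
  const given = Buffer.from(sig, 'utf8');
  const expected = Buffer.from(hmac(`${userId}.${exp}`), 'utf8');
  // Constant-time comparison; a length mismatch is rejected before comparing.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(exp) || Number(exp) <= nowMs) return null;
  return userId;
}

// Server-side gate for the submission page. A value the browser can edit
// (such as a localStorage flag) never reaches this decision; only the
// signed cookie does.
function guardSubmitPage(cookies, nowMs = Date.now()) {
  const userId = verifySession(cookies.session, nowMs);
  if (!userId) {
    return { redirect: { destination: LOGIN_PATH, permanent: false } };
  }
  return { props: { userId } };
}
```

Because the check runs before the page is rendered, an unauthenticated visitor never receives the submission page's markup, regardless of what is stored in the browser.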