gazaskygeeks / mpcc-assistant

Platform to consolidate info/docs from visiting GSG mentors
https://mpcc-assistant.herokuapp.com/

Auth / login flow to hide logged-in pages if user is not logged in #110

Open tomduggan85 opened 6 years ago

tomduggan85 commented 6 years ago

https://github.com/gazaskygeeks/mpcc-assistant/blob/6c0d9f5c76bfbdaaca06b7ae96da798f17b20cd3/src/client/components/App.js#L28

This might already be on your roadmap, but it looks like /dashboard and the other pages are viewable in the browser if you type them into the address bar yourself. You could use the cookies already being sent in these lines: https://github.com/gazaskygeeks/mpcc-assistant/blob/6c0d9f5c76bfbdaaca06b7ae96da798f17b20cd3/src/server/controllers/postLogin.js#L23-L24 to build out the auth flow further. First, make a helper function to check for the logged_in cookie. Then, the login page can redirect to the dashboard if the user already has a logged-in session:

```jsx
<Route exact path="/" render={() => ( isLoggedIn() ? (

) : (

) )}/>
```

Next, all of the pages that should only show for logged-in people get the "opposite" redirect; if the user is not logged in, redirect back to the login page:

```jsx
<Route exact path="/dashboard" render={() => ( !isLoggedIn() ? (

) : (

) )}/>
```

The last part of the whole auth flow is to use the server's JWT token as an auth token for all of the network requests that are made. That token is also being passed down as a cookie in postLogin, so to finish things out, you'd pass that token as a header with every axios network request once the logged-in user was viewing the dashboard and such. Then, in the server, you'd first store the login tokens in a new table when they're created (username, token, expiration), so that in other request handlers you can pull the request's auth token out of the header and check against the table that it's a real, legitimate token. As a bonus, your request handler could use that token lookup to know which user is making the request.