joelmackenz
commented
3 years ago Corrected the issue from above. Routes are now only accessible after a successful GET request to the HTTP-only JWT.
Closed joelmackenz closed 3 years ago
joelmackenz
commented
3 years ago Corrected the issue from above. Routes are now only accessible after a successful GET request to the HTTP-only JWT.
joelmackenz
commented
3 years ago This PR includes the same changes made in the hotfix PR from earlier today: https://github.com/hatchways/team-hulk/pull/39. If this is approved, the hotfix will not be necessary.
joelmackenz
commented
3 years ago Using ProtectedRoutes was proving difficult, as they relied on a check for the JWT, which was not updating to true before the pages were being rendered. The team and I chatted about similar problems. We think it could be fixed by making JWT check update the state within ProtectedRoute, thus triggering a rerender. But removing it entirely seemed like the simplest option, with no downside. Let me know if this is correct.
Now, App.js is just checking isAuthenticated. isAuthenticated is stored in AuthContext, and is used by App.js as well as signin.js for rerouting upon signin.
The authorized context in this is not updating before the page loads. I want the GET request in useEffect in client/App.js to run and update the AuthContext before the components on client/App.js are rendered. setAuthorized in client/App.js is effectively setting authorized to true in the AuthContext, but I think the components are loading while authorized is false -- therefore, the ProtectedRoutes see authorized as false, and the user is redirected to /login. The GET request is returning 304 or 200 on every request.
For clarity, I want setAuthorized in client/App.js to run before the components in client/App.js are loaded.