mtiger2k / react-redux-graphql-passport-starter

React redux hot starter - apollo-graphql backend api, with mongo, passport-jwt supported

thanks for putting this together! #2

Open bnchdrff opened 7 years ago

bnchdrff commented 7 years ago

i forked this at https://github.com/bnchdrff/react-redux-graphql-passport-starter to add a few features -- take a look.

mtiger2k commented 7 years ago

It's amazing that you made so much progress based on my starter. All of your work makes this starter close to perfection, including SSR, webpack configuration and so on. I really appreciate you notifying me of all your contributions; I can learn a lot from you.

Just one question: the API depends on a JWT token which is stored at the client, so how does SSR work if this token is unavailable on the server?

Thanks so much.

bnchdrff commented 7 years ago

the way it works now is.. it doesn't! :)

the server will render the page as it would've been rendered for an unauthenticated user, and then in the frontend those components are re-rendered. this might not make sense for certain apps but in my case i think it's an efficient way of doing things, since the main utility of SSR is for search engine optimization.

it'd be cool to work in SSR for a logged-in user though -- i'll take a stab at it!

bnchdrff commented 7 years ago

we'd grab the jwt in a similar way to how i'm grabbing the csrf token here: https://github.com/bnchdrff/react-redux-graphql-passport-starter/blob/master/src/server.js#L60

bnchdrff commented 7 years ago

i was totally wrong about my previous note -- we would need to ensure the client's stored jwt is passed along with that initial request. i'm looking into an approach for doing this.

bnchdrff commented 7 years ago

not sure if there is a way to do it, aside from storing the jwt as a cookie instead of localstorage. reading http://stackoverflow.com/questions/40574994/jwt-stored-in-cookie-security-concerns#40579495 and other things. i'm hoping to find some sort of standard best-practice for doing it.

bnchdrff commented 7 years ago

here's stormpath's opinion... https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
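
The cookie approach discussed in the comments above, as an added example that is not code from this thread or from either repository: the JWT is issued in an `HttpOnly` cookie, so the browser sends it with the initial page request and the server can verify it before rendering. The HS256 shared secret, the cookie name `token` and all function names are assumptions made for this sketch.

```javascript
// Added example: HS256 JWT carried in an HttpOnly cookie so SSR can see it.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const COOKIE_NAME = 'token';              // hypothetical cookie name

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign a minimal HS256 JWT (demo helper; a real project would use a JWT library).
function signJwt(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Set-Cookie value issued at login: not readable by page scripts, HTTPS only,
// and not sent on cross-site requests.
function loginCookie(jwt, maxAgeSeconds = 3600) {
  return `${COOKIE_NAME}=${jwt}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${maxAgeSeconds}`;
}

// Verify signature, pinned algorithm and expiry; return the claims or null.
function verifyJwt(token, secret = SECRET, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}

// What the SSR handler does with the first request: read the Cookie header and
// return the user to render for, or null for the unauthenticated render.
function userForSsr(cookieHeader = '') {
  for (const pair of cookieHeader.split(';')) {
    const [name, ...rest] = pair.trim().split('=');
    if (name === COOKIE_NAME) return verifyJwt(rest.join('='));
  }
  return null;
}
```

Because the browser attaches this cookie automatically, state-changing requests still need CSRF protection such as the CSRF token mentioned earlier in the thread.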