Closed lindapaiste closed 3 months ago
Logged-out only:
- "/login": client and server
- "/signup": client and server
- "/reset-password": client only, not on server

Logged-in only:

Logged-in only, redirects to URL with username:
- "/sketches": client redirects, server only checks logged-in
- "/assets": client redirects, server only checks logged-in
- "/collections" ?)

Only for current user:
- "/:username/assets": client and server (we return a 404 for another user's assets, which might not be 100% correct)

Viewable to anyone:
- "/"
- "/reset-password/:reset_password_token" (but maybe should make this logged-out only)
- "/verify" (maybe should be logged-in only?)
- "/projects/:project_id"
- "/:username/full/:project_id"
- "/full/:project_id"
- "/:username/sketches/:project_id/add-to-collection" (we only link to this URL if logged in, but there's no verification on the URL itself)
- "/:username/sketches/:project_id"
- "/:username/sketches"
- "/:username/collections/:collection_id"
- "/:username/collections"
- "/about"
- "/privacy-policy"
- "/terms-of-use"
- "/code-of-conduct"

Proposed changes to server:
- "/sketches" and "/assets" to the URL with the username
- "/reset-password" and "/reset-password/:reset_password_token" to "/account" if the user is logged in (since the account page allows changing the password)

Proposed changes to client:
- routes.jsx
- /utils/auth.js file
- /components/createRedirectWithUsername.jsx file

@lindapaiste can you assign this issue to me?
@lindapaiste can I work on this issue?
@raclim I would like to work on this issue. Can you please assign me this issue? Thanks!
Increasing Access
It is confusing to work with code where redirections can be initiated from multiple places.
Feature enhancement details
Ref: https://github.com/processing/p5.js-web-editor/pull/2987#issuecomment-1925915203
We should look through the https://github.com/processing/p5.js-web-editor/blob/develop/client/routes.jsx file and see which redirects are not actually needed because they are already handled by the server in https://github.com/processing/p5.js-web-editor/blob/develop/server/routes/server.routes.js.
Specifically, we should check over our usages of userIsNotAuthenticated, userIsAuthenticated, userIsAuthorized, and createRedirectWithUsername. I have a hunch that we can actually delete all four of those functions. Let's make a list of all routes which use some form of redirection and whether each route's redirect logic duplicates what is already implemented on the server.
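Added example, not part of the issue and not the project's own code: one way to keep the redirect and access decisions from the thread's route list in a single server-side function, so that client-side redirects are a convenience rather than the control. The helper names, the shape of `user`, the presence of `req.user`, and the "/login" target for anonymous visitors are assumptions; only the routes named in the proposed server changes and the "/:username/assets" 404 are modelled.

```javascript
// Added illustration, not code from p5.js-web-editor. Route strings come from
// the thread; helper names, the `user` shape and the "/login" target for
// anonymous visitors are assumptions.
const allow = () => ({ action: 'allow' });
const redirect = (to) => ({ action: 'redirect', to });
const notFound = () => ({ action: 'notFound' });
const toOwnPage = (page) => (user) =>
  (user ? redirect(`/${encodeURIComponent(user.username)}/${page}`) : redirect('/login'));
const toAccountIfLoggedIn = (user) => (user ? redirect('/account') : allow());

// First match wins, so literal routes are listed before "/:username/..." ones.
const RULES = [
  ['/sketches', toOwnPage('sketches')],
  ['/assets', toOwnPage('assets')],
  ['/reset-password', toAccountIfLoggedIn],
  ['/reset-password/:reset_password_token', toAccountIfLoggedIn],
  // 404 for another user's assets, as the thread describes.
  ['/:username/assets', (user, p) => (user && user.username === p.username ? allow() : notFound())],
];

// Match "/a/:b" patterns segment by segment; returns the params or null.
function matchRoute(pattern, path) {
  const want = pattern.split('/').filter(Boolean);
  const got = path.split('?')[0].split('/').filter(Boolean);
  if (want.length !== got.length) return null;
  const params = {};
  for (let i = 0; i < want.length; i += 1) {
    if (want[i].startsWith(':')) params[want[i].slice(1)] = got[i];
    else if (want[i] !== got[i]) return null;
  }
  return params;
}

// Pure decision function: the server decides, whatever the client router does.
function decide(path, user) {
  for (const [pattern, rule] of RULES) {
    const params = matchRoute(pattern, path);
    if (params) return rule(user, params);
  }
  return allow(); // routes not modelled in this sketch fall through
}

// Express-style adapter; assumes earlier auth middleware sets req.user when logged in.
function guard(req, res, next) {
  const d = decide(req.path, req.user);
  if (d.action === 'redirect') return res.redirect(d.to);
  if (d.action === 'notFound') return res.sendStatus(404);
  return next();
}
```

Because `decide` is a pure function of path and user, the route table can be unit-tested without starting a server.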