lindapaiste
commented
8 months ago Logged-out only:
"/login"client and server"/signup"client and server"/reset-password"client only, not on server
Logged-in only:
Logged-in only, redirects to URL with username:
"/sketches"client redirects, server only checks logged-in"/assets"client redirects, server only checks logged-in- (we maybe should have a similar redirect on
"/collections"?)
Only for current user:
"/:username/assets"client and server (we return a 404 for another user's assets, which might not be 100% correct)
Viewable to anyone:
"/""/reset-password/:reset_password_token"(but maybe should make this logged-out only)"/verify"(maybe should be logged-in only?)"/projects/:project_id""/:username/full/:project_id""/full/:project_id""/:username/sketches/:project_id/add-to-collection"(we only link to this URL if logged in, but there's no verification on the URL itself)"/:username/sketches/:project_id""/:username/sketches""/:username/collections/:collection_id""/:username/collections""/about""/privacy-policy""/terms-of-use""/code-of-conduct"
adityagarg06
Keshav-0907
PiyushChandra17
Increasing Access
It is confusing to work with code where redirections can be be initiated from multiple places.
Feature enhancement details
Ref: https://github.com/processing/p5.js-web-editor/pull/2987#issuecomment-1925915203
We should look through the https://github.com/processing/p5.js-web-editor/blob/develop/client/routes.jsx file and see which redirects are not actually needed because they are already handled by the server in https://github.com/processing/p5.js-web-editor/blob/develop/server/routes/server.routes.js.
Specifically, we should check over our usages of
userIsNotAuthenticated,userIsAuthenticated,userIsAuthorized, andcreateRedirectWithUsername. I have a hunch that we can actually delete all four of those functions. Let's make a list of all routes which use some form of redirection and whether each route's redirect logic duplicates what is already implemented on the server.