synadia-labs / natster

Natster - A peer-to-multipeer media sharing application built with nothing but NATS
https://docs.natster.io
Apache License 2.0

Auth route order #76

Closed jordan-rash closed 8 months ago

kthomas commented 8 months ago

@jordan-rash would this be a good place to check for the presence of an existing user in local storage?

A guard installed via the router to completely prevent users from reaching this login page and redirect them to the library would be nice. Something like `beforeEnter: [unauthorized]` could be added to the routes where we need to ensure a user has been bound.

router/router.js:

```js
import { createRouter, createWebHashHistory } from 'vue-router'
import { unauthorized } from './guards'

import HomeView from '../views/HomeView.vue'
import GettingStartedView from '../views/GettingStartedView.vue'
import Library from '../components/Library.vue'

const router = createRouter({
  history: createWebHashHistory(),
  routes: [
    { path: '/:code?', name: 'home', component: HomeView, beforeEnter: [unauthorized] },
    { path: '/getting-started', name: 'gettingstarted', component: GettingStartedView },
    { path: '/library', name: 'library', component: Library, beforeEnter: [] } // add authorized guard later...
  ]
})

export default router
```

router/guards/unauthorized.js:

```js
// prevent authorized users from accessing routes restricted to unauthorized access
export default (to, from, next) => {
  const oauthId = localStorage.getItem('natster_oauth_id')
  const nkey = localStorage.getItem('natster_nkey')
  const jwt = localStorage.getItem('natster_jwt')

  if (oauthId && nkey && jwt) {
    next('library')
    return
  }

  next()
}
```

jordan-rash commented 8 months ago

So, I realized that we shouldn't need to check local storage at all... Auth0 drops all its persistence, so we should just check isAuthenticated...

kthomas commented 8 months ago

> So, I realized that we shouldn't need to check local storage at all... Auth0 drops all its persistence, so we should just check isAuthenticated...

We know we need those 3 items for our app to work. If using whatever Auth0 stores in local storage and subsequently checks is sufficient, then so be it. Checking local storage ourselves is less magical, and it isn't much overhead. We need a route guard to prevent authenticated users from visiting the login page.

jordan-rash commented 8 months ago

> We need a route guard to prevent authenticated users from visiting the login page

This makes sense, and I think this is where we check local storage (which I think is what you said, but I just wanted to make sure we are on the same page).
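
An added example, not code from the natster repository or from either commenter: one way to combine the two checks discussed in this thread, so that the login guard and the still-missing library guard share a single predicate and cannot redirect to each other in a loop. The storage key names and the route names `home` and `library` are taken from the thread; the factory functions, the injected `isAuthenticated()` wrapper around Auth0's flag, and the in-memory storage are assumptions made for illustration.

```javascript
// Added example. Key names and route names come from the thread; every
// function name and the injected isAuthenticated() wrapper are hypothetical.
const REQUIRED_KEYS = ['natster_oauth_id', 'natster_nkey', 'natster_jwt']

// True only when all three items the app needs are present and non-empty.
function hasBoundUser(storage) {
  return REQUIRED_KEYS.every((key) => {
    const value = storage.getItem(key)
    return typeof value === 'string' && value.length > 0
  })
}

// Both signals must agree: Auth0 reports a session AND the app's items exist.
function isSignedIn({ storage, isAuthenticated }) {
  return Boolean(isAuthenticated()) && hasBoundUser(storage)
}

// Guard for the login route: a signed-in user is sent to the library.
// vue-router 4 accepts a returned route location instead of calling next().
function makeUnauthorizedGuard(deps) {
  return () => (isSignedIn(deps) ? { name: 'library' } : true)
}

// Guard for the library route: anyone not signed in is sent back to login.
function makeAuthorizedGuard(deps) {
  return () => (isSignedIn(deps) ? true : { name: 'home' })
}

// Constructed in-memory stand-in for window.localStorage (sample data only).
function fakeStorage(entries) {
  const map = new Map(Object.entries(entries))
  return { getItem: (key) => (map.has(key) ? map.get(key) : null) }
}

// Partial state: Auth0 says authenticated, but the nkey was never stored.
// The login guard lets the user stay; the library guard sends them home.
function demoPartialState() {
  const storage = fakeStorage({
    natster_oauth_id: 'constructed-id',
    natster_jwt: 'constructed.jwt.value'
  })
  const deps = { storage, isAuthenticated: () => true }
  return { login: makeUnauthorizedGuard(deps)(), library: makeAuthorizedGuard(deps)() }
}
```

These guards only steer navigation in the browser; local storage is writable by the user, so the server still has to verify the JWT on every request.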