Open Kiranism opened 3 months ago
@Kiranism You can protect routes by calling assertAuthenticated at the start of each protected page. This function returns the current user if logged in, or throws an error if not. Then the error.tsx page catches these errors and shows a "not authenticated" message if it's an auth error.
Yeah, that will work. Maybe that can be added to the code.
It's already in the code. The dashboard page uses the assertAuthenticated function which is implemented in lib/session.ts.
It's just throwing an error. Please check this picture: https://github.com/webdevcody/wdc-saas-starter-kit/issues/12#issue-2432150213
@Kiranism I see. There were a few issues I had to solve to get this template to work on production. I'll check that out.
So, when built for production, isAuthenticationError evaluates as false, but not when running locally in dev mode. As a result, it is showing the generic error message instead of the authentication error message.
I think having a method called assertAuthenticatedAndRedirect('/your/url') would be my recommendation. I personally don't like when a user is just randomly redirected to a new page; I'd rather show them an error so they know not to do it again. I can look into this error difference between prod and dev and try to update this.
I concur with that strategy.
Fair enough. I also noticed that you can still visit the login page (auth routes) after signing in, which can be avoided with a similar check.
@webdevcody Hey, what can we do to protect the routes? Since we aren't using middleware, maybe we can do the checks directly in the pages?
Something like:

    export default async function Dashboard() {
      const user = await getUser();
      if (!user) {
        return redirect('/admin/login');
      }
      return (...)
    }
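
The two guards discussed in this thread, as an added sketch that is not code from the repository. It assumes isAuthenticationError compares the error message, and it models the Next.js production behaviour of handing error.tsx a generic message plus a digest instead of the text thrown in a Server Component. AUTH_ERROR_MESSAGE, fakeRedirect, asSeenByClientInProduction and boundaryVerdicts are hypothetical names; getUser and redirect are injected stand-ins.

```typescript
// Added example. getUser and redirect are injected so the guards run without Next.js.
type User = { id: string };
type GetUser = () => Promise<User | undefined>;
type Redirect = (url: string) => never;
const AUTH_ERROR_MESSAGE = "You must be logged in to view this content"; // constructed value

class AuthenticationError extends Error {
  constructor() {
    super(AUTH_ERROR_MESSAGE);
    this.name = "AuthenticationError";
  }
}

// Guard 1: throw on the server and let an error boundary decide what to show.
async function assertAuthenticated(getUser: GetUser): Promise<User> {
  const user = await getUser();
  if (!user) throw new AuthenticationError();
  return user;
}

// Guard 2: decide on the server and redirect; nothing depends on inspecting an error client-side.
async function assertAuthenticatedAndRedirect(getUser: GetUser, url: string, redirect: Redirect): Promise<User> {
  const user = await getUser();
  if (!user) return redirect(url);
  return user;
}

// Message-based check of the kind an error boundary has to rely on (assumed shape).
function isAuthenticationError(error: Error): boolean {
  return error.message === AUTH_ERROR_MESSAGE;
}

// Model of a production build: the boundary gets a generic message and a digest,
// not the text that was thrown on the server (both strings here are constructed).
function asSeenByClientInProduction(_original: Error): Error & { digest: string } {
  return Object.assign(new Error("generic server error (details omitted)"), { digest: "constructed-digest" });
}

// Stand-in for redirect(): interrupts rendering by throwing, carrying the target URL.
const fakeRedirect: Redirect = (url) => {
  throw Object.assign(new Error("redirect"), { location: url });
};

// What the boundary concludes for a signed-out visitor in dev and in production.
async function boundaryVerdicts(): Promise<{ dev: boolean; prod: boolean }> {
  const thrown: Error = await assertAuthenticated(async () => undefined)
    .then(() => new Error("guard unexpectedly passed"), (e: Error) => e);
  return { dev: isAuthenticationError(thrown), prod: isAuthenticationError(asSeenByClientInProduction(thrown)) };
}
```

In both variants the session check runs on the server before any protected content is rendered; only the choice of message shown to a signed-out visitor depends on the error boundary.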