Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirection from route pre-condition #295

Closed
notramo opened this issue Mar 3, 2023 · 5 comments
Closed

Redirection from route pre-condition #295

notramo opened this issue Mar 3, 2023 · 5 comments

Comments

@notramo
Copy link

notramo commented Mar 3, 2023

If the user enters any route, but the JWT token is missing, redirect to /login.
@ItalyPaleAle
Copy link
Owner

Yes this is possible. It depends on how you check if the JWT is present, but you can certainly do a redirect in a route pre-condition. Just use replace()!

@notramo
Copy link
Author

notramo commented Mar 5, 2023

@ItalyPaleAle, how to do it without copy-pasting a lot? Currently, all routes have to be wrapped, and the condition have to be specified. If the app only provides logged-in functionality, then it has to be defined for every single route. That's a lot of copy-pasting. It would make more sense to specify conditions for the router, that are applied to every route.

@ItalyPaleAle
Copy link
Owner

@notramo in this case, where the entire app requires auth, I would put the auth check outside of the Svelte code, in the “main” JS function, before you instantiate the Svelte App.

I’ve done this before many times. One example is here: https://github.com/ItalyPaleAle/calendar-next-demo/blob/master/src/main.js Note this code is VERY OLD so please don’t copy-paste what I did there :) But you can get the gist!

@notramo
Copy link
Author

notramo commented Mar 5, 2023

@ItalyPaleAle I'm currently doing this in App.svelte, with onMount(). The problem is that it only works on initial page load, but if the user changes the hash to a valid route after the app is loaded, it is displayed (and a load of errors are thrown, since the token is missing).

@ItalyPaleAle
Copy link
Owner

If the token is missing, that’s a separate problem. You will want to persist the token somewhere, for example in localStorage.

If the problem is that the token could expire in the meanwhile, yes that’s something that needs to be handled on each request.

The common pattern here is to bake the auth check into the fetch handler you use. If the server responds with 401, then you redirect the user to the auth page. This is not done in the router, but in the code that invokes the remote server.
The reason for doing this is that generally apps do not make requests only when a new page is loaded. I don’t know your app, but it’s common for a page to make requests even without trigger a navigation. In this case, handling the check in the code that performs network requests is the way to make sure you’re not missing any situation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ItalyPaleAle @notramo