401 Unauthorized calls on unprotected routes #1
Comments
|
Hello! Thank for bringing this to my attention. It is indeed suboptimal
to make a useless request to an API endpoint when not logged in. My
solution is to check for the existence of the "userData" cookie in the
loadUserDataFromServer() function. So I added this function to
/lib/client/auth.ts:
exportfunctionisLoggedIn() {
constuserData=getUserData();
return!!userData;
}
And then added this in the AppContext:
constloadUserDataFromServer=async () => {
if (!isLoggedIn()) return;
try {
constresponse=awaitfetch('/api/auth');
constdata= (awaitresponse.json()) asI_ApiAuthResponse;
const { success } =data;
if (!success) {
letmessage='Failed to load user data from server';
if (data.message) message=data.message;
console.error(message);
return;
}
setUserDataLastLoad(newDate());
} catch (_) {
console.error('Failed to load user data from server');
} finally {
loadUserData();
}
};
I went ahead and pushed these changes to the repo. Thanks for your
input!
Jay
…------ Original Message ------
From "NINE78" ***@***.***>
To "designly1/nextjs14-auth-sequelize-starter"
***@***.***>
Cc "Subscribed" ***@***.***>
Date 2/8/2024 7:45:16 AM
Subject [designly1/nextjs14-auth-sequelize-starter] 401 Unauthorized
calls on unprotected routes (Issue #1)
First of all, thanks for this excellent example on JWT authentication!
I've one question though: the AppProvider calls loadDataFromServer
which targets the protected /api/auth route. Since everything is
wrapped inside the AppProvider, unprotected routes like home or /login
will result in 401 errors on the console (as the /api/auth route won't
be accessible). Any tips on how to tackle this?
thanks!!
—
Reply to this email directly, view it on GitHub
<#1>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALHCNZHCVMNY2VT3NUJ5F7DYSTJGZAVCNFSM6AAAAABC7YT4JCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGEZDKMRSGQ3TOMQ>.
You are receiving this because you are subscribed to this
thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First of all, thanks for this excellent example on JWT authentication!
I've one question though: the AppProvider calls loadDataFromServer which targets the protected /api/auth route. Since everything is wrapped inside the AppProvider, unprotected routes like home or /login will result in 401 errors on the console (as the /api/auth route won't be accessible). Any tips on how to tackle this?
thanks!!
The text was updated successfully, but these errors were encountered: