-
-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Warn and log out user if deleted #182
Comments
Happy new year 🙂 You can do this in "app space" by modifying the default
As for whether this should be the default implementation: not sure. Assuming your app has a sign-out button somewhere easily accessible, then you can also just click on that after doing I think I'd prefer to leave it at that rather than modifying the default middleware to do a DB query on every (authenticated) request. Those who want this behavior can make the decision to do that if they want. As it is, Biff's default middleware stack doesn't do any DB queries (I'm pretty sure?) so I wouldn't be able to add this functionality without introducing a new query somewhere. |
I hear what you're saying. I still think the better default is to hit the db on every request though. I've come to use this middleware instead: (defn wrap-require-user [handler]
"Ensures the user is logged in and that :user is associated
with (xt/entity uid). If your handler or middleware requires :user,
use it explicitly."
(fn [{:keys [session biff/db] :as ctx}]
(if-not (some? (:uid session))
{:status 303
:headers {"location" "/signin?error=not-signed-in"}}
(if-let [user (or (:user ctx)
(xt/entity db (:uid session)))]
(handler (assoc ctx :user user))
{:status 303
:headers {"location" "/signin?error=not-signed-in"}})))) |
Btw feel free to close :^), or I can pr if u like the middleware |
I still think it's definitely better not to do that by default 😉 . Do you want to stick this middleware in a gist or write up a short blog post or something though? I'd be happy to add a link for it in the content library. |
I think it's fine that it lives here for now :) |
In development I sometimes
rm -r storage
. Unfortunately this leaves the users in a pseudo-loggedin state. It would be preferable if the user was logged out if not found in the db.Also, Happy New Year!
The text was updated successfully, but these errors were encountered: