-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
React Router integration #128
Conversation
@@ -49,9 +50,10 @@ | |||
"loader-utils": "^0.2.11", | |||
"marked": "^0.3.5", | |||
"react": "^0.14.0", | |||
"react-bootstrap": "^0.27.0", | |||
"react-bootstrap": "https://registry.npmjs.org/react-bootstrap/-/react-bootstrap-0.27.2.tgz", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unreleased?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this issue: react-bootstrap/react-bootstrap#1395
I can't do npm shrinkwrap
with new version of history
because of npm conflict with react-bootstrap
-> history
dependency.
@alexfedoseev should the redirect still in context of react-router? or it needs to be client(browser) redirect? @justin808 As I remember we already catch any exception when we render component, right? |
@samnang Yes, we catch all errors and log them. Maybe we just need to remove the TODO since we do catch and log errors already. |
We need to send server response with 302 redirect from Rails to new location (it will be returned by generator function).
Yep, it'll be logged in Development, but in Production we should send 500 response in case of server error, don't we? |
Actually I think we should send 500 with stack on errors from server in development just like Rails do on errors. @justin808 @samnang what do you think? |
Maybe react_on_rails should be configured to either throw or render errors when server rendering? |
I think it's more harm than good to give an option to treat server error as success response. |
I think we need to choose either throw or render errors, we don't have to support both and have an option. Too many options could be confusing. I vote for throwing an exception with stack trace. It's easier for development.
@alexfedoseev I'm a bit confused here, because after we render the component on server for the first request to the server, then after that everything will navigate at client side which depend on react-router to render different components, so why do we need to be done at server in this context? /cc @justin808 |
Sure. We can change:
|
@samnang Here is the use case: Guest navigates to Profile Edit page. Guest can't access to this area and, before render the component, we check his status in transition hook. Inside the hook we declare that if user is not authorized -> redirect him to Login path. And the only thing that we have from the |
@alexfedoseev We need to create some simple example in the tutorial, as well as something simple in the dummy apps to test against. I think real code will make this clear. |
@justin808 @samnang Here it is: c23b58a Here we have pre-check: method + hook If user will try to navigate to path with such pre-check:
So next we need to handle such cases on the Rails server. |
We discussed redirect thing with @justin808. Not sure how to return 302 redirect here, because we're in the middle of render cycle and we can't send 302 redirect from this point, because it's controller's thing. So let's stick with JS redirect for now. If someone has idea how to handle such case — let us know. |
@alexfedoseev We'll generated some JS in the rendering that sets window.location just like we generate JS to put server console messages. |
@robwise Can you give this change a try. I'll give you a hand. |
Do we want to make it in shakacode/react_on_rails#68 or merge shakacode/react_on_rails#68 and start new PR? |
@alexfedoseev Your call. It seems backwards compatible. It would be nice get some basic docs. @robwise can commit to this branch, so we don't need to start a new one. I want to get this in for version 1.0.0. Maybe we should release rc-pre-2? |
@justin808 @alexfedoseev I agree, committing to this would make more sense as really the tests and generators should go along with the code they relate to. |
👍 @robwise Let's call tomorrow and discuss next steps in this PR. |
Just talked to Alex briefly on Slack, I should be able to get the generators branch done today or tomorrow at latest and then I can incorporate this into a generator as well as add some integration tests. |
@alexfedoseev Thanks for giving the scenario, but I'm a bit unclear because I feel all authorization should be on the server. If users try to navigate by changing browser url to unauthorized page, then Rails should check and redirect the request even they render the page. If the user know JS and try to change the rendering component or path in client only to access unauthorized sections/screens, we don't have to prevent it because even they see it, but they can't update it because all update requests will go to server and server will reject it. Those users are just attackers, so we don't treat them like normal flow. Or I'm missing something here? |
I think what @samnang is referring to is why would the code even get to server rendering if the server knows the person is not allowed. |
Source of truth — yes. All — not always. Because in case of SPA we need auth mechanism on the client to render UI and send auth headers with requests to API. And it's really simple example. There can be more complex cases. In SPA there is a form with 3 sections. User can't access 2nd section until he's done with 1st. So we need to add hook to 2nd section with logic: if 1st section is ok -> render 2nd, else -> redirect to 1st. And it's really annoying to duplicate routes + render logic on the server and on the client (just to send redirect), especially when SPA has only one entry point in the server routes. |
After had a chance to discuss with @alexfedoseev, It makes sense in a context of SPA. |
@MaMute -- you could pull this branch and have it refer to the branch on react_on_rails with the fix. This can inspire your simple test. |
let routeRedirect; | ||
let routeProps; | ||
|
||
match({ routes, location }, (_routeError, _routeRedirect, _routeProps) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This runs synchronously because we are not setting up the app with dynamic routes.
This does not affect the react_on_rails gem because it does not support dynamic routes.
@robwise FYI -- note for you in the docs.
909db2c
to
2bc312e
Compare
This is definitely ready. See shakacode/react_on_rails#68. You can pull this branch and the gemfile refers to the branch for react_on_rails. |
bd74555
to
2feb2e7
Compare
LGTM 👍 |
@robwise you've got some test failures after your last push. |
@justin808 @robwise Looks good! 👍 |
@justin808 Aren't those coming from yours (2feb2e7)? |
f279c57
to
12c06f0
Compare
* Updated to react_on_rails 1.1.0 * Update config to get non-minified server msgs * Support for server rendering with react-router * Implement active class for react-router links and use IndexLink and IndexRoute * cleanup code duplication
f0dcd4d
to
e463a67
Compare
Once @alexfedoseev gets a chance to 👍 on the refactoring of the RouterCommentScreen, NonRouterCommentScreen, CommentScreen components, we'll merge! |
All good! 👍 |
It looks like I've missed all the action here. Great job! 👍 @justin808 @alexfedoseev @robwise |
NB! This branch will work only with these changes in gem: shakacode/react_on_rails#68
When changes will be applied to
react_on_rails
, React Router will be working with gem on the server and on the client.But still there are 2 things, that needs to be handled by the gem on the Rails side:
@justin808 @samnang Please take a look at these TODOs. And comment on 2 statements above.