Route Intercepting
Good evening, I was trying to create protected routes within my app on the server side via entry-server, and it was working until I noticed that when I added ({ forward }) within the createHandler as seen below, it stopped running that function on every route and only did it on initial page load.
So then I went to the docs, looked at middleware and noticed they used @solidjs/start/server for their defineConfig, which I tried to do so I can define my own middleware and hopefully correctly intercept routes that way, but then got this error
So I'm left a little lost on how to intercept each route change server side without handling it client side. Cause client side I'm sure I can set up a createEffect and then run my auth protection, but just wanted to get it before it even renders anything.
Thanks for any help.
6 Replies
After initial load, Solid apps usually route and render on the client. You mention useBeforeLeave in the #solid-start channel but that is really more intended for the "You have unsaved changes" scenario and is not a guaranteed thing (e.g. the current version does block back/forward although there is a PR for that).
Of course you 100% need to enforce authorisation on each call to the server too (each route, api and server function) - see the following which also links to a good approach https://discord.com/channels/722131463138705510/910635844119982080/1190412457932496897
I guess my main issue is I need a way to use middlewares as I was having issues when trying. I'm still on SolidStart 0.3.10, and not sure why when I try to use @solidjs/start/server and use defineConfig from it I get issues. Obviously my backend routes are protected but I wanted to prevent them from seeing the page overall. I know I could onMount and redirect and prevent content from showing, and/or just check it on a createResource / server side fetching on page, but those seemed like jank solutions compared to doing middleware, which I want to get working.
Yeah - but middleware only runs on requests as they reach the server. Not client-side which is where the navigation and rendering are happening (after initial load).
One option is to not show any links to pages the user is not allowed to see. If the user arrives on one of those pages it will likely be from an external page which will hit the server - so middleware.
Oh I see.
Okay so yeah it’d have to be client side prevention then mixed with middleware for initial page load for best experience
Client-side for cosmetic purposes but enforced on any relevant server endpoints (as client can't be trusted to actually be from your code).
Yeah I know.
I come from create react app that I’ve been using since 2019 so been doing all the protective shit for a while and client side stopping, just wasn't sure if there was a way via the SSR middleware since I’m new to SSR
Thanks for the help!