SolidJS
sh1man (9mo ago)

Custom auth solidstart by prisma

Can anyone help me make my authorization on solidstart? I have orm prisma. I created a user table, what else do I need?
1) How to authorize a user, I have an endpoint trpc.
2) When entering the site, I should receive information about the user; if the error code is 401, then the user is redirected to the login page.
53 Replies
Only Cliches (9mo ago)
are you familiar with password hashing? That's a very important aspect to rolling your own auth...
sh1man (9mo ago)
I'm most interested in storing cookies, I haven't seen any working plugins
bigmistqke (9mo ago)
I don't know all the ins and outs of auth, but I used lucia for my last project and really liked it bc it doesn't try to be in your way too much. It can easily be used in combination with orm and has documentation on how to set that up. It gives u the feeling like u are rolling out your own auth, while the library (and their rly good documentation) guides you through it. So I would even recommend it as an educational thing if you eventually wanna roll it out all by yourself. I used it w astro back then, but they have a section for solidstart too: https://lucia-auth.com/getting-started/solidstart
Brendonovich (9mo ago)
@sh1man what was out of date?
sh1man (9mo ago)
@solid-primitives/storage
Brendonovich (9mo ago)
ah lol
sh1man (9mo ago)
I'm also interested in authorization and storage of tokens jwt. Because I don’t always use solidstart. Therefore, in such cases, I don’t know how to use cookies for storage and which plugin can help me with this.
Brendonovich (9mo ago)
Use Jose to create + sign a jwt and call a function in your api handlers that verifies the jwt
sh1man (9mo ago)
how to display ui after verification? as they usually do
Brendonovich (9mo ago)
Same way as with sessions, make a normal query to get the current user
sh1man (9mo ago)
and if I use an eternal token on the server, what should I do in this case, how to store it in cookies?
Brendonovich (9mo ago)
Ideally the frontend isn’t even aware of the cookie (as happens with Lucia), just request the current user and if there is none then go to a login page
sh1man (9mo ago)
there is an example I don’t know how to do this correctly in solid
Brendonovich (9mo ago)
You’re using trpc no? Do a trpc query for the current user and if you get null then navigate to login with your router
sh1man (9mo ago)
yes, i use trpc
sh1man (9mo ago)
In the main file? app.tsx
Brendonovich (9mo ago)
If you’ve got access to trpc and the router there yeah
sh1man (9mo ago)
It seems to me that the ui will load faster than the request will be executed
Brendonovich (9mo ago)
Though I doubt you want all of your routes to require auth, so consider doing it in a lower down layout instead. Use Show to not render the children until you get a response.
sh1man (9mo ago)
but it hits the login page
Brendonovich (9mo ago)
Then do this - put your auth-requiring routes in a dedicated group and do the auth check in that group’s layout. Login can exist outside that group and not require auth.
sh1man (9mo ago)
how to do it? I haven't seen this
Brendonovich (9mo ago)
There’s probably solid start examples that show how to do groups and layouts
sh1man (9mo ago)
do you mean use layouts ?
Brendonovich (9mo ago)
Yea that’s what I said
sh1man (9mo ago)
Then in this layout use trpc request
Brendonovich (9mo ago)
Yes, that request is the auth check
sh1man (9mo ago)
Thanks I got it
Brendonovich (9mo ago)
Notice that the ‘auth’ part of this problem is just getting the cookie/jwt to the client
sh1man (9mo ago)
I'm wondering how to safely store data in cookies. I very often use a third-party authorization backend in python.
Brendonovich (9mo ago)
Use Lucia or use start’s header/session helpers + research how to secure cookies
sh1man (9mo ago)
but the authorization backend is not on the solidstart side db only python backend
Brendonovich (9mo ago)
Is the browser expected to query the Python server directly? Or is that done through trpc
sh1man (9mo ago)
only api get json data
Brendonovich (9mo ago)
What
sh1man (9mo ago)
backend server python only for receiving data via API. Authorization is also on this server, in return I receive a permanent authorization token.
Brendonovich (9mo ago)
Then write the token to a cookie in trpc and then extract the token from the cookie + manually pass it to the requests to Python. Then the browser will have the token in a cookie that will then be forwarded through trpc to the Python server.
sh1man (9mo ago)
Does trpc have cookies to store them there?
Brendonovich (9mo ago)
Well no it’s just an api handler, the incoming request from the browser has cookies
sh1man (9mo ago)
how to write cookies then?
Brendonovich (9mo ago)
With start/h3’s header/session helpers. That will get the cookie to/from the browser. How the token gets to the Python server is up to how the Python server works.
sh1man (9mo ago)
I need examples about this. I've never seen this
Brendonovich (9mo ago)
They’re in the start docs, what you need may be more research on your tools https://start.solidjs.com/advanced/session
sh1man (9mo ago)
Okay, what if I use Astro + solid.js
Brendonovich (9mo ago)
What about it? You’ll need to handle headers/cookies/request handling in the way Astro does it
sh1man (9mo ago)
okay, thank you. I don't understand how to redirect a user in trpc
bigmistqke (9mo ago)
not sure u can redirect in trpc directly
bigmistqke (9mo ago)
according to https://www.answeroverflow.com/m/1107570222375907368 u should do it on the client
bigmistqke (9mo ago)
any reason why you are using trpc instead of solid-start's server-functions?
Brendonovich (9mo ago)
redirect in the client using useNavigate from the router
sh1man (9mo ago)
no, the reason is I just don’t understand how to use solidstart. Okay. Can someone show me an example of getting a user profile?