Redirecting on protected routes
Hey! Is there any recommended way to do route protecting on the server with SSR?
For example, I need to redirect users from protected routes to the previous URL, if exists on
router.
Here's my current implementation:
However, this implementation is not the best because it shows the Page to an unauthorized user for a few milliseconds before redirecting.
In addition, if using the snippet below for the Page route, it won't show the Page to user for a few milliseconds before redirecting, but it can run the preload at any state of my app, which will break all redirects and always redirect to /login?redirect=/profile instead of the ?redirect parameter:
Before, I tried using useNavigate, but the code needs to be run on the client in this case. However, I need to perform this check on the server first.
Also, as I mentioned before, I want always to redirect the unauthorized user to the previous URL. I tried doing it with event?.router?.previousUrl from getRequestEvent() in redirectUnauthenticated function, but it's always returns undefied.
How can I solve this issue correctly?11 Replies
I've also:
- read https://docs.solidjs.com/solid-start/advanced/auth#protected-routes
- viewed https://github.com/solidjs/solid-start/tree/main/examples/with-auth
- viewed https://github.com/Christopher2K/swapify/blob/main/swapify_web/src/lib/auth/auth-services.ts
- searched this discord
GitHub
solid-start/examples/with-auth at main · solidjs/solid-start
SolidStart, the Solid app framework. Contribute to solidjs/solid-start development by creating an account on GitHub.
GitHub
swapify/swapify_web/src/lib/auth/auth-services.ts at main · Christo...
Contribute to Christopher2K/swapify development by creating an account on GitHub.
The first link you’ve shared is the way to go.
You can add
createAsync(…,{deferStream: true })
this should prevent the page from streaming before the promise has resolved and should also prevent the page from being shown for a few milliseconds.
createAsync(…,{deferStream: true })it did not help with this issue
The first link you’ve shared is the way to go.but even there the age will be shown for a few milliseconds it actually shows the page for a few milliseconds when it's first time invoked then it's cached but isn't there a better way to do it? feels like such a simple feature
To be more strict you can wrap your children in a Show component:
so in solid start it’s not possible to protect the routes? only the content of them?
i’m not sure that this is gonna work because this code is run on the client and isLoggedIn would be undefined there all the time
now, if I first open protected as an unauthorized user, i will be redirected to
/login?redirect=/protected, but if I sign in on the login page, it will redirect me and isAuthed won't be updated. so circular redirection is possibleThe default config of solid start uses streaming. So the server will start streaming the response (content of the page) before the async data has resolved.
You can change that if you want but only for the whole app:
https://docs.solidjs.com/solid-start/reference/server/create-handler
It will also work on the client as solid will create an api route which is then called by createAsnyc. So that code runs only on the server and is safe.
yeah, it works, but now there's a problem with redirection
so here are my actions
and if i go to the protected route when i'm not authorized, it will:
1. redirect me to the
/login?redirect=/protected (logs false)
2. i'll sign in, and it will redirect me to the /protected (logs false)
3. since isAuthed hasn't been updated for some reason, it will redirect me back to /login?redirect=/protected, which will redirect me to the /
4. if i again try to reach /protected, it'll work fine (logs true)
so the problem is with redirects
so it works now!!
thanks a lot!!In your login action you need to call revalidate(redirectUnauthorized.key) once login is successful. This will update the cached value. (Also in logout obviously…)
it updates already without doing it