fix: authenticate per request #2258
No reviewers
Labels
No Label
area/internal-code
changes requested
confirmed
dependencies
duplicate
good first issue
help wanted
hosting
invalid
kind/bug
kind/feature
question
wontfix
No Milestone
No project
No Assignees
3 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/frontend#2258
Loading…
Reference in New Issue
No description provided.
Delete Branch "dpschen/frontend:feature/authenticate-per-request"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
It seems to me that the token should be checked on every request.
I'm not sure if this should also be used this way with the the AuthenticatedHTTPFactory.
Hi dpschen!
Thank you for creating a PR!
I've deployed the changes of this PR on a preview environment under this URL: https://2258-feature-authenticate-per-request--vikunja-frontend-preview.netlify.app
You can use this url to view the changes live and test them out.
You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/.
Have a nice day!
WIP: fix: authenticate per requestto fix: authenticate per requestThere are cases where it would not be checked, like the login and register routes. IIRC these don't use a service, hence it made sense to put the check into
AbstractService
and not in the common http handler.3098d9c70e
to24d67b512b
24d67b512b
to5b06302c23
5b06302c23
to3b679bf273
@ -66,2 +66,4 @@
// Set the interceptors to process every request
this.http.interceptors.request.use((config) => {
// Set the default auth header if we have a token
const token = getToken()
Isn't this now duplicated with the code in
src/http-common/index.ts
?I guess it could use the AuthenticatedHTTPFactory.
Here I was simply replacing all static token occurances with dynamic ones. It was static in line 91
I'm not 100% sure if it would be easy or make sense but I think we shouf put this in a function used in both places.
What's the difference to using AuthenticatedHTTPFactory directly?
I think that could work. Can you check?
Done.
Now I also set the
apiUrl
fresh from window for every request.By doing so we should never run in the case where an api instance exists but uses an outdated baseUrl (if the user changes it).
3b679bf273
to166ebf18f2
Awesome, thanks!