improve auth stability, support ssr auth, login redirects #524
Conversation
👷 Deploy request for tanstack pending review.Visit the deploys page to approve it
|
| "clsx": "^2.1.1", | ||
| "cmdk": "^1.1.1", | ||
| "convex": "^1.25.4", | ||
| "convex-oss-stats": "link:../../../erquhart/convex-oss-stats", |
There was a problem hiding this comment.
I don't think this is going to work.
There was a problem hiding this comment.
This updates the convex package and removes a non-existent file based package, was left in accidentally from a while ago. The actual package is @erquhart/convex-oss-stats, that dependency is still in place.
| }), | ||
| }), | ||
| beforeLoad: async (ctx) => { | ||
| requireAuth(ctx) |
There was a problem hiding this comment.
Utility that checks for a user id, and if none is present, throws a redirect with the current location in the redirectTo query param.
| await ctx.context.queryClient.ensureQueryData( | ||
| convexQuery(api.auth.getCurrentUser, {}) | ||
| ) | ||
| await ctx.context.queryClient.ensureQueryData( | ||
| convexQuery(api.llmKeys.listMyLLMKeysForDisplay, {}) |
There was a problem hiding this comment.
Need to parallelize these.
| const getAuth = createServerFn({ method: 'GET' }).handler(async () => { | ||
| const { createAuth } = await import('../../convex/auth') | ||
| const cookieNames = getCookieNames(createAuth) | ||
| const cookieAuth = getAuthFromCookie(getCookie(cookieNames.convexJwt)) | ||
| if (cookieAuth) { | ||
| return cookieAuth | ||
| } | ||
| if (getCookie(cookieNames.sessionToken)) { | ||
| return await fetchAuth(getRequest()) | ||
| } | ||
| }) |
There was a problem hiding this comment.
Uses Convex jwt from cookie if it exists and is not expired, otherwise fetches a new one, which relies on the longer lived session cookie. If that fails the user is considered unauth.
| <Authenticated> | ||
| <UserSettings /> | ||
| </Authenticated> | ||
| <Unauthenticated> | ||
| <div className="bg-white dark:bg-black/30 rounded-lg shadow-lg p-8 text-center w-[100vw] max-w-sm mx-auto"> | ||
| <h2 className="text-xl font-semibold text-gray-900 dark:text-white mb-4"> | ||
| Sign In Required | ||
| </h2> | ||
| <p className="text-sm text-gray-600 dark:text-gray-300 mb-6"> | ||
| Please sign in to access your account settings. | ||
| </p> | ||
| <Link to="/login"> | ||
| <button className="text-sm font-medium bg-black/80 hover:bg-black text-white dark:text-black dark:bg-white/95 dark:hover:bg-white py-2 px-4 rounded-md transition-colors"> | ||
| Sign In | ||
| </button> | ||
| </Link> | ||
| </div> | ||
| </Unauthenticated> |
There was a problem hiding this comment.
Dropped this as the page won't show for unauthenticated users.
2 participants
See /account page changes for patterns, /builder page changes for redirects
Issues I'd like some input on: