Fork me on GitHub
#re-frame
<
2019-05-10
>
Bravi10:05:36

so a few days back I posted a question, asking how to create 'protected routes', that will not be accessible for users, if they're not logged in. In my case, I'm using JWT token, that I store in local storage + re-frame db. I also wanted it to be a sort of clean solution - not hacky basically. I couldn't find any solutions on web and after fiddling around for quite some time, I got it working by creating an interceptor for it. I was thinking about writing up a little blog post on this. but first I thought I'd check on here, how useful do people think it would be?

dominicm11:05:16

Local storage is considered insecure by many because of xss

PB15:05:29

Is it bad to use a subscription inside of an event? If yes, why?

PB15:05:12

That's fair

lilactown15:05:47

it sounds like there’s an inject-sub interceptor that allows you to do what you want tho

PB15:05:12

I see that. Would passing the result of the subscription to the event not work just as well?

PB15:05:05

I guess another option is jsut to access it in the db directly

manutter5117:05:04

@petr My (somewhat shallow) understanding is that there’s a risk of memory leaks if you grab a subscription value directly inside an event handler, and the inject-sub mechanism avoids that. If you’re just grabbing a value inside the app-db, though, it’s a lot simpler to grab it directly. You can use prefix functions if you’re concerned about changing paths inside the app-db at some point in the future.