
I just got into Appwrite, it's awesome!
I'm doing authentication for my SvelteKit app and I have managed to create login and register, but when I want to create the protected routes - I'm not sure how to do it.
Is it secure to handle protected routes inside page.ts files on the client?
export const load = async ({ parent }) => {
const { account } = await parent();
if (account.loggedin) {
throw redirect(303, "/auth");
}
}
Or how should I redirect the user if they aren't authed?

Is it secure to handle protected routes inside page.ts files on the client?
Regarding this, if the page contains data generated by user, for example, that is not accessible by everyone without proper permissions, then, I think it will not matter at all if the redirect is being performed client side.
However if it's a website that contains a route that is (for example) under a paywall or limited access to specific content without being registered or paid (for example: a members-only article or a website with paid courses), then you will need to perform this server sided and prevent returning any content prior to checking if the user has an active account

Yeah, it is the option two - the content should only be visible to certain users

I tried to find any server side documentation but I can't find anything on how to do things on the server

Regarding the seccond question on how to check if the user is authenticated or not, you can check it with:
account.get();
If it throws error, that means there is not an active or valid session (so user is not logged it). Full example:
const account = new account(client);
try{
account.get();
//The code in those lines will be executed if the user is logged in so you can redirect here, trigger a function, set a variable, etc.
} catch (error) {
console.error(error);
//Here you redirect to login or something else if user since the error will mean that there is not any active session
}

Is this helpful for you?

But this is on the clientside right?

I want to get it to the server, to the +page.server.ts files etc
Recommended threads
- Unable to read session cookie
Hi, when I am hitting Appwrite **/account** API. I am getting the user account details as expected in the response. However, with that API, Appwrite also adds a...
- Database error
My code: await databases.createDocument( process.env.APPWRITE_DATABASE, process.env.APPWRITE_COLLECTION_USER, data.userId, ...
- No Headers
Hi I have 2 appwrite functions, one is working fine on localhost, second is not even working on prod with https, i inspected the api call, no headers are being ...
