
I just got into Appwrite, it's awesome!
I'm doing authentication for my SvelteKit app and I have managed to create login and register, but when I want to create the protected routes - I'm not sure how to do it.
Is it secure to handle protected routes inside page.ts files on the client?
export const load = async ({ parent }) => {
const { account } = await parent();
if (account.loggedin) {
throw redirect(303, "/auth");
}
}
Or how should I redirect the user if they aren't authed?

Is it secure to handle protected routes inside page.ts files on the client?
Regarding this, if the page contains data generated by user, for example, that is not accessible by everyone without proper permissions, then, I think it will not matter at all if the redirect is being performed client side.
However if it's a website that contains a route that is (for example) under a paywall or limited access to specific content without being registered or paid (for example: a members-only article or a website with paid courses), then you will need to perform this server sided and prevent returning any content prior to checking if the user has an active account

Yeah, it is the option two - the content should only be visible to certain users

I tried to find any server side documentation but I can't find anything on how to do things on the server

Regarding the seccond question on how to check if the user is authenticated or not, you can check it with:
account.get();
If it throws error, that means there is not an active or valid session (so user is not logged it). Full example:
const account = new account(client);
try{
account.get();
//The code in those lines will be executed if the user is logged in so you can redirect here, trigger a function, set a variable, etc.
} catch (error) {
console.error(error);
//Here you redirect to login or something else if user since the error will mean that there is not any active session
}

Is this helpful for you?

But this is on the clientside right?

I want to get it to the server, to the +page.server.ts files etc
Recommended threads
- Bypass Error When Creating Account With ...
Suppose user first uses email/pass for log in using xyz@gmail.com, few month later on decides to use google oauth2 with same xyz@gmail.com (or in reverse orde...
- No mails from Appwrite
Hello, Since severals days, i have a problem : i d'ont received any mails from Appwrite. I'm using the auth by mail and i don't any code so any mails from App...
- wrong code for google oauth2 ?
gives User (role: guests) missing scope (account) error
