Skip to content
Announcing the Appwrite X MongoDB partnership
Start building
Back

Handle protected routes

  • 0
  • Accounts
  • Web
View on Discord
Isak
22 Jan, 2024, 15:31

I just got into Appwrite, it's awesome!

I'm doing authentication for my SvelteKit app and I have managed to create login and register, but when I want to create the protected routes - I'm not sure how to do it.

Is it secure to handle protected routes inside page.ts files on the client?

TypeScript
export const load = async ({ parent }) => {
    const { account } = await parent();

    if (account.loggedin) {
        throw redirect(303, "/auth");
    }
}

Or how should I redirect the user if they aren't authed?

TL;DR
The developer is asking for help with handling protected routes in their SvelteKit app. They are unsure if it is secure to handle protected routes inside the client-side page.ts files. Another question they have is about how to redirect the user if they are not authenticated. In response, another developer suggests checking the user's authentication status using `account.get()` in a try-catch block. If an error is thrown, it means the user is not logged in and can be redirected to the login page. The recommendation is to handle the redirection on the client-side unless the content is sensitive and requires server-side validation. The developer also mentions that they
D5
22 Jan, 2024, 15:37

Is it secure to handle protected routes inside page.ts files on the client?

Regarding this, if the page contains data generated by user, for example, that is not accessible by everyone without proper permissions, then, I think it will not matter at all if the redirect is being performed client side.

However if it's a website that contains a route that is (for example) under a paywall or limited access to specific content without being registered or paid (for example: a members-only article or a website with paid courses), then you will need to perform this server sided and prevent returning any content prior to checking if the user has an active account

Isak
22 Jan, 2024, 15:39

Yeah, it is the option two - the content should only be visible to certain users

Isak
22 Jan, 2024, 15:39

I tried to find any server side documentation but I can't find anything on how to do things on the server

D5
22 Jan, 2024, 15:44

Regarding the seccond question on how to check if the user is authenticated or not, you can check it with:

TypeScript
account.get();

If it throws error, that means there is not an active or valid session (so user is not logged it). Full example:

TypeScript
const account = new account(client);
try{
account.get();
//The code in those lines will be executed if the user is logged in so you can redirect here, trigger a function, set a variable, etc.
} catch (error) {
console.error(error);
//Here you redirect to login or something else if user since the error will mean that there is not any active session
}
D5
22 Jan, 2024, 15:45

Is this helpful for you?

Isak
22 Jan, 2024, 15:54

But this is on the clientside right?

Isak
22 Jan, 2024, 15:54

I want to get it to the server, to the +page.server.ts files etc

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more