Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Aurelia: how to manage sessions

Tags:

aurelia

I'm trying to develop a website where the nav-bar items depend on the role of the user who is logged in.

As Patrick Walter suggested on his blog, I was thinking to create a session.js file where I would store information about the current user: their username and role. I would then inject this file in nav-bar.js and create a filter for the routes, for which the user does not have access to. Everything worked fine until I hit the refresh button... In fact, it creates a new session object and I loose all the information store in the previous one.

I have seen in the docs the singleton method, but I'm not sure how to use it. If I insert it in my code such as below, I get the message: aurelia.use.singleton is not a function.

import config from './auth-config';

export function configure(aurelia) {
    console.log('Hello from animation-main config');
    aurelia.use
      .singleton(Session)
      .standardConfiguration()
      .developmentLogging()
      .plugin('aurelia-animator-css')
      .plugin('paulvanbladel/aurelia-auth', (baseConfig) => {
          baseConfig.configure(config);
    });
    aurelia.start().then(a => a.setRoot());
}

export class Session {
    username = '';
    role = '';
    reset() {
        console.log('Resetting session');
        this.username = '';
        this.role = '';
    };
}

My last idea would be to encrypt the role/username and use the browser's session to store the information. But I wanted to ask to more experienced developers their opinion about the topic.

Thanks for your help!

EDIT: Here is my code for session.js

export class Session {
    username = '';
    role = '';
    reset() {
        console.log('Resetting session');
        this.username = '';
        this.role = '';
    };
}

And this is how I inject it:

import {Session} from './services/session';
@inject(Session)
export class RoleFilterValueConverter {
    constructor(session) {
        console.log('Hello from RoleFilter constructor', session)
        this.session = session;
    };
    toView(routes, role) {
        console.log('Hello from view', role, this.session)
        if (this.session.role == 'Superuser')
          return routes;
        return routes.filter(r => {
          var res = !r.config.role || (r.config.role == this.session.role);
          return res
        });
    }
}
like image 251
Gpack Avatar asked Aug 19 '15 02:08

Gpack


2 Answers

In the main entry point (let's assume it's index.html) you should have something like this:

<body aurelia-app="path/to/main">
    <script src="jspm_packages/system.js"></script>
    <script src="config.js"></script>
    <script>
      System.import('aurelia-bootstrapper');
    </script>
</body>

This imports the entire aurelia enviorment and so when it reaches the export function configure(aurelia) { ... } it should pass an instance of type Aurelia and bind it to the aurelia parameter and should resolve your aurelia.use.singleton is not a function. error. After that, in your session.js file when using @inject(Session) it should pass the same instance you declared at startup.

I also implemented a singleton session object to store user data and have chosen this method because it's more convenient to rely on dependency injection rather than always calling a method to get user data from a cookie.

like image 98
Laurentiu Stamate Avatar answered Oct 25 '22 09:10

Laurentiu Stamate


Though Laurentiu's answer is not bad, there are better ways to handle this that do not add complexity to your app.

You do not need to need to specify this as a singleton. This particular function is more for an edge case where you would want to expose a particular item to the dependency injection container as a singleton before startup.

In fact, the Aurelia dependency injection framework treats all modules as singletons unless specified otherwise. Thus, the code should work as you have it written there, without the configure function.

I've written up an in-depth blog that you maay find helpful here: http://davismj.me/blog/aurelia-auth-pt2/

like image 26
Matthew James Davis Avatar answered Oct 25 '22 10:10

Matthew James Davis