I'm learning the ins and outs of the new DerbyJS stack, and I can't find a way to put application logic server-side. The stated intent is that all code should be able to run both in the server, and in the client. However, I need certain data to be kept hidden, and only sent to the client if authenticated based on user session info. How can I accomplish this using a Racer store?
You can place server-side application logic in the app/server directory. On the server, Derby apps expose an Express middleware, so you can chain other middleware before this. For example, you could have an authentication middleware that prevents certain routes from being rendered if the user is not logged in.
However, this is not a sufficient solution to authentication, because data updates come in as messages over Socket.IO, and they won't go through the Express middleware that initial page requests go through.
We are going to add a simple solution that makes it possible to authenticate users and then authorize them based on the path whenever they subscribe to or modify data, but this is not implemented yet. This is high on the list of things that need to be done, and Derby is still under rapid development.
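The gap described in the answer above, as an added example that is not part of the original post and is not Derby or Racer code: one policy function is shared by a Connect/Express-style middleware and by a socket message handler, because the handler never passes through the middleware. All names here (`isAuthorized`, `requireLogin`, `onSocketMessage`, `session.userId`, the `private.` path prefix) are hypothetical.

```javascript
// Added example; none of these names are Derby or Racer APIs.

// Single policy for both channels: path prefixes that need a logged-in user.
// The prefixes are constructed sample values.
const PROTECTED_PREFIXES = ['/account', 'private.'];

function isAuthorized(session, path) {
  const needsLogin = PROTECTED_PREFIXES.some((p) => path.startsWith(p));
  return !needsLogin || Boolean(session && session.userId);
}

// Connect/Express-style middleware, meant to be chained before the app's
// own middleware so protected routes are never rendered for anonymous users.
function requireLogin(req, res, next) {
  if (isAuthorized(req.session, req.path)) return next();
  res.statusCode = 401;
  res.end('Login required');
}

// Socket messages do not go through requireLogin, so the handler has to
// apply the same policy itself before reading or writing data.
function onSocketMessage(session, message, store) {
  if (!isAuthorized(session, message.path)) {
    return { ok: false, error: 'unauthorized' };
  }
  return { ok: true, value: store[message.path] };
}

// Constructed harness: runs the middleware against a mock request/response.
function simulateRequest(session, path) {
  const res = { statusCode: 200, end() {} };
  let passed = false;
  requireLogin({ session, path }, res, () => { passed = true; });
  return { passed, status: res.statusCode };
}
```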