user session, log in / log out #883
Comments
This is what https://go-app.dev/states can be used for.
oh no :D
https://github.com/krustowski/litter-go/blob/master/backend/api.go#L16
@krustowski I actually do not understand the problem? The local store belongs to the user. We use https://docs.nats.io/using-nats/developer/connecting/creds for authorization mostly. But if you have something on the frontend that the user is "not allowed" to modify, it will always be hackable.
I wanted the user not to be able to modify one field in LocalStorage (user struct). So I overengineered it a bit, used E2E encryption for the BE-FE intercommunication with a shared key, which is compiled into the WASM library and exported via env var for the HTTP server (BE).
Anything on the client side can potentially be modified. What I did on https://murlok.io is to use a JWT token with asymmetrical keys and check validity on the server side before returning any data.
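The server-side check described in the comment above, as an added example that is not code from this thread, go-app or murlok.io. It uses a simplified JWT-style token (base64url payload plus an Ed25519 signature, not a full RFC 7519 JWT); the names `Claims`, `Issue` and `Verify` and the `user`/`role`/`exp` fields are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is a hypothetical session payload; Role is the field the client must not change.
type Claims struct {
	User string `json:"user"`
	Role string `json:"role"`
	Exp  int64  `json:"exp"` // expiry, Unix seconds
}

var b64 = base64.RawURLEncoding

// Issue runs on the server only; the private key never reaches the browser.
func Issue(priv ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c) // cannot fail for a struct of strings and ints
	p := b64.EncodeToString(body)
	return p + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(p)))
}

// Verify runs on the server for every request, before any data is returned.
func Verify(pub ed25519.PublicKey, token string, now time.Time) (c Claims, err error) {
	p, s, _ := strings.Cut(token, ".")
	sig, err := b64.DecodeString(s)
	if err != nil || !ed25519.Verify(pub, []byte(p), sig) {
		return Claims{}, errors.New("bad signature")
	}
	body, err := b64.DecodeString(p)
	if err != nil || json.Unmarshal(body, &c) != nil {
		return Claims{}, errors.New("bad payload")
	}
	if now.Unix() >= c.Exp {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	tok := Issue(priv, Claims{User: "alice", Role: "user", Exp: time.Now().Add(time.Hour).Unix()})
	fmt.Println(Verify(pub, tok, time.Now()))
}
```

The token string can sit in the browser's local storage and survive reloads; editing the payload there invalidates the signature, and the WASM client holds no secret it could use to re-sign it.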
@maxence-charriere this is exactly the basis of what happens when using the NATS distributed authentication scheme I linked above.
I'm looking for a way to implement user session where:
Basically storing the token in the browser would be sufficient for me to implement this. Value that would be kept even if page is reloaded, that I can access and modify at any time.
I wonder what mechanism I should be using for that, I've found this in the documentation, but seems to be for storage only: