_rohit
11/11/2022, 9:29 AM
xtc
11/11/2022, 11:51 AM
_rohit
11/11/2022, 3:26 PM
_rohit
11/11/2022, 3:28 PM
_rohit
11/11/2022, 3:53 PM
rp
11/11/2022, 4:16 PM
Ayush6543
11/11/2022, 5:19 PM
rp
11/11/2022, 5:44 PM
Aithusa
11/11/2022, 6:58 PM
websiteDomain: string,
nadilas
11/11/2022, 8:15 PM
rp
11/11/2022, 9:48 PM
rp
11/11/2022, 9:49 PM
_Nico
11/12/2022, 1:35 AM
rp
11/12/2022, 4:37 AM
texoport
11/12/2022, 9:45 AM
zkingboos_
11/12/2022, 2:48 PM
rp
11/12/2022, 3:09 PM
texoport
11/12/2022, 7:54 PM
_Nico
11/12/2022, 10:31 PM
session.Init(&sessmodels.TypeInput{
    Override: &sessmodels.OverrideStruct{
        APIs: func(originalImplementation sessmodels.APIInterface) sessmodels.APIInterface {
            *originalImplementation.VerifySession = func(verifySessionOptions *sessmodels.VerifySessionOptions, options sessmodels.APIOptions, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
                options.Res.Header().Set("Content-Type", "application/json")
                s, _ := session.GetSessionWithContext(options.Req, options.Res, verifySessionOptions, userContext)
                if s == nil {
                    return nil, errors.New("testing")
                }
                return s, nil
            }
            return originalImplementation
        },
    },
}),
And this middleware:
func verifySession(options *sessmodels.VerifySessionOptions) gin.HandlerFunc {
    return func(c *gin.Context) {
        session.VerifySession(options, func(rw http.ResponseWriter, r *http.Request) {
            c.Request = c.Request.WithContext(r.Context())
            c.Next()
        })(c.Writer, c.Request)
        c.AbortWithStatus(401)
    }
}
The response is plain text instead of JSON in Postman... I don't know why though
Justin90(LawrenceGX1)
11/12/2022, 11:46 PM
recipe/session/verify. And looked into the source code, and noticed it does a few things:
- Get the access token from the session.
- Get the config about whether to check the blacklist, from a DB query.
- It seems that if the above config is false, it will do some DB transaction to update information inside the session.
Here is the source code I read:
- Verify session API: https://github.com/supertokens/supertokens-core/blob/master/src/main/java/io/supertokens/webserver/api/session/VerifySessionAPI.java#L69
- Get session, called inside the verify session API: https://github.com/supertokens/supertokens-core/blob/master/src/main/java/io/supertokens/session/Session.java#L142
Hence, it looks like it's not a stateless check (like Auth0, just validating whether the JWT token has expired or not). So I am a bit concerned about the performance, because it looks like it's the recommended way in the docs for APIs that require the user to be logged in: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/session-verification-in-api/verify-session
The reason for the concern is the nature of the business, which is selling hype ecommerce products. So in the first 10-15 minutes, there would be a lot of requests hitting our platform.
Please correct me if I am wrong here 🙏
rp
11/13/2022, 4:33 AM
rp
11/13/2022, 4:36 AM
sahas
11/13/2022, 8:07 AM
rp
11/13/2022, 8:33 AM
nosmaster89
11/13/2022, 10:17 PM
rp
11/14/2022, 5:33 AM
execreate
11/14/2022, 11:38 AM
kamyab
11/14/2022, 12:59 PM
texoport
11/14/2022, 1:33 PM
texoport
11/14/2022, 1:34 PM