segidev
10/18/2022, 11:44 AMEmailPassword.signIn
with no logic in between or anything hooking in.nkshah2
10/18/2022, 12:01 PMsegidev
10/18/2022, 12:02 PMjavascript
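/**
 * Signs the user in with email/password and finishes the client-side auth
 * bootstrap.
 *
 * @param payload - credentials entered in the login form
 * @throws Error("emailverification") when sign-in succeeded but the e-mail is
 *   not verified yet; a fresh verification mail is sent before throwing
 * @throws Error("verifyauth") when sign-in succeeded but verifyAuth() could not
 *   establish the authenticated user (e.g. the profile fetch failed)
 * @throws Error(status) with the SuperTokens status code for any other outcome
 */
async login(payload: { email: string; password: string }): Promise<void> {
  const response = await EmailPassword.signIn({
    formFields: [
      { id: "email", value: payload.email },
      { id: "password", value: payload.password },
    ],
  });
  if (response.status !== "OK") {
    throw new Error(response.status);
  }

  const verification = await EmailVerification.isEmailVerified();
  if (!verification.isVerified) {
    // Re-send the mail so the user has a usable link, then signal that
    // verification is still pending.
    await EmailVerification.sendVerificationEmail();
    throw new Error("emailverification");
  }

  // verifyAuth() returns false when no session exists, the e-mail is not
  // verified or the user profile could not be loaded. Previously that result
  // was ignored and login() resolved as if it had succeeded; surface it.
  if (!(await this.verifyAuth())) {
    throw new Error("verifyauth");
  }
}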
segidev
10/18/2022, 12:03 PMjavascript
// SuperTokens front-end bootstrap. The API host is injected at build time from
// the Vite environment; the auth recipe routes are expected under /auth on it.
SuperTokens.init({
  recipeList: [
    EmailVerification.init(),
    EmailPassword.init(),
    Session.init(),
  ],
  appInfo: {
    appName: "ono",
    apiDomain: import.meta.env.VITE_API_HOST,
    apiBasePath: "/auth",
  },
});
segidev
10/18/2022, 12:03 PMnkshah2
10/18/2022, 12:03 PMsegidev
10/18/2022, 12:05 PMgo
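// getUser returns the calling user's record (including the profile edge) as
// JSON. The caller is identified solely from the SuperTokens session that the
// verifying middleware placed on the request context, never from request
// parameters, so a client can only ever read its own user.
//
// Responds 401 when no session is present on the context and delegates any
// other failure to NewError.
func (c *UserController) getUser(ctx *gin.Context) {
	// Named sess rather than session so the session package is not shadowed.
	sess := session.GetSessionFromRequestContext(ctx.Request.Context())
	if sess == nil {
		// No verified session on the context: either the route is reachable
		// without the session middleware, or the middleware did not propagate
		// its context onto ctx.Request. Do not proceed with a nil session.
		ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
		return
	}
	// Parse instead of MustParse: a malformed user ID becomes a handled error
	// rather than a panic in the request goroutine.
	userID, err := uuid.Parse(sess.GetUserID())
	if err != nil {
		NewError(ctx, err)
		return
	}
	// Request the full user
	u, err := c.getFullUser(userID)
	if err != nil {
		NewError(ctx, err)
		return
	}
	ctx.JSON(http.StatusOK, u)
}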
segidev
10/18/2022, 12:05 PM"github.com/supertokens/supertokens-golang/recipe/session"
nkshah2
10/18/2022, 12:06 PMgetFullUser(userID)
do?segidev
10/18/2022, 12:06 PMgo
// OnlyAuthorized adapts SuperTokens' VerifySession to a gin middleware.
//
// VerifySession is given an inner net/http handler; the request it passes to
// that handler carries the verified session on its context, which is copied
// onto c.Request before c.Next runs the rest of the chain. Downstream handlers
// can therefore read the session with session.GetSessionFromRequestContext.
// NOTE(review): when verification fails VerifySession is presumably writing the
// error response itself and skipping the inner handler — confirm against the
// recipe docs, since nothing here checks that.
func OnlyAuthorized(options *sessmodels.VerifySessionOptions) gin.HandlerFunc {
	return func(c *gin.Context) {
		continueChain := func(rw http.ResponseWriter, req *http.Request) {
			// req.Context() is the session-enriched context; hand it to gin.
			c.Request = c.Request.WithContext(req.Context())
			c.Next()
		}
		session.VerifySession(options, continueChain)(c.Writer, c.Request)
		// We call Abort so that the next handler in the chain is not called, unless we call Next explicitly
		c.Abort()
	}
}
segidev
10/18/2022, 12:07 PMgetFullUser
does this:
go
// getFullUser loads the user row identified by userID together with its
// profile edge and maps it onto the API view model. The Profile block is set
// only when the edge is present; any query error is returned unchanged.
func (c *UserController) getFullUser(userID uuid.UUID) (*models.User, error) {
	// NOTE(review): context.Background() is used because the signature carries
	// no ctx, so request cancellation does not reach the query.
	row, err := c.dataService.DB.User.Query().
		Where(user.ID(userID)).
		WithProfile().
		Only(context.Background())
	if err != nil {
		return nil, err
	}

	out := &models.User{
		ID:    row.ID.String(),
		EMail: row.Email,
	}
	if p := row.Edges.Profile; p != nil {
		out.Profile = &models.UserProfileResponse{
			BaseViewModel: models.BaseViewModel{
				ID:         p.ID,
				CreateTime: p.CreateTime.UTC().Format(time.RFC3339),
			},
			UserProfileRequest: models.UserProfileRequest{
				FirstName: p.FirstName,
				LastName:  p.LastName,
			},
		}
	}
	return out, nil
}
segidev
10/18/2022, 12:09 PMnkshah2
10/18/2022, 12:10 PMsegidev
10/18/2022, 12:11 PMts
/**
 * Creates an email/password account and triggers the verification mail.
 *
 * @param payload - e-mail and password from the registration form
 * @throws Error(status) carrying the SuperTokens status code when sign-up
 *   did not return "OK"
 */
async register(payload: { email: string; password: string }): Promise<void> {
  const formFields = [
    { id: "email", value: payload.email },
    { id: "password", value: payload.password },
  ];
  const response = await EmailPassword.signUp({ formFields });
  if (response.status !== "OK") {
    throw Error(response.status);
  }
  // Send the verification mail straight after a successful sign-up.
  await EmailVerification.sendVerificationEmail();
}
nkshah2
10/18/2022, 12:12 PMsegidev
10/18/2022, 12:12 PMsegidev
10/18/2022, 12:12 PMsegidev
10/18/2022, 12:12 PMnkshah2
10/18/2022, 12:13 PMc.dataService.DB.User.Query().Where(user.ID(userID))
is not your segidev
10/18/2022, 12:13 PMgo
// Adding the SuperTokens middleware as a gin middleware: the net/http
// middleware is invoked on gin's writer/request, and gin's chain resumes from
// inside the next-handler callback it is given.
r.Use(func(c *gin.Context) {
	next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		// NOTE(review): unlike OnlyAuthorized, req.Context() is not copied back
		// onto c.Request here, so anything the middleware attached to the
		// context is not visible to later gin handlers — confirm this is intended.
		c.Next()
	})
	supertokens.Middleware(next).ServeHTTP(c.Writer, c.Request)
	// Stop gin from running the remaining handlers a second time.
	c.Abort()
})
segidev
10/18/2022, 12:14 PMsegidev
10/18/2022, 12:14 PMsegidev
10/18/2022, 12:15 PMemailpassword_users
tablesegidev
10/18/2022, 12:15 PMgo
// User is the ent schema that is mapped onto the "emailpassword_users" table
// (see Annotations) rather than an ent-managed table of its own.
type User struct {
ent.Schema
}
// Annotations points this schema at the "emailpassword_users" table.
// NOTE(review): that table name is SuperTokens' own user table; an ent
// migration run against this schema would try to alter it — confirm that
// migrations are not applied for this schema.
func (User) Annotations() []schema.Annotation {
	table := entsql.Annotation{Table: "emailpassword_users"}
	return []schema.Annotation{table}
}
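// Fields describes the columns this schema maps on the "emailpassword_users"
// table. Every field is Immutable, matching read-only use of the table;
// writes are presumably done by SuperTokens core — verify no code path creates
// rows through ent.
//
// password_hash is Sensitive so ent omits it from String()/JSON output. It is
// deliberately NOT Unique: a uniqueness constraint on a password hash is
// semantically wrong (identical passwords must be allowed) and, should a
// migration ever run, would add an index over password material.
func (User) Fields() []ent.Field {
	return []ent.Field{
		field.String("id").
			Unique().
			GoType(uuid.New()).
			Immutable().
			StorageKey("user_id"),
		field.String("email").Unique().Immutable(),
		field.String("password_hash").Sensitive().Immutable(),
		field.Int("time_joined").Immutable(),
	}
}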
func (User) Edges() []ent.Edge {
return []ent.Edge{
edge.To("profile", UserProfile.Type).
Unique(),
}
nkshah2
10/18/2022, 12:17 PMsegidev
10/18/2022, 12:17 PMsegidev
10/18/2022, 12:18 PMnkshah2
10/18/2022, 12:18 PMsegidev
10/18/2022, 12:18 PMsegidev
10/18/2022, 12:19 PMemailpassword_users
table is wrong. The whole session was for another user and therefore all the data of that user could be seensegidev
10/18/2022, 12:19 PMsegidev
10/18/2022, 12:19 PMsegidev
10/18/2022, 12:19 PMsession.GetSessionFromRequestContext
to retreive the current usernkshah2
10/18/2022, 12:22 PMemailpassword_users
table directlynkshah2
10/18/2022, 12:26 PMsegidev
10/18/2022, 12:30 PMnkshah2
10/18/2022, 12:30 PMsegidev
10/18/2022, 12:30 PMsegidev
10/18/2022, 12:30 PMnkshah2
10/18/2022, 12:34 PMthis.verifyAuth()
on the frontend do?segidev
10/18/2022, 12:38 PMts
/**
 * Refreshes the client-side auth state from the backend.
 *
 * @returns true only when a SuperTokens session exists, its e-mail is
 *   verified and GET /api/v1/user succeeded (the result is stored via
 *   setUser); false in every other case. A network-level axios error
 *   additionally shows a toast; any other error just yields false.
 */
async verifyAuth(): Promise<boolean> {
  if (!(await Session.doesSessionExist())) {
    return false;
  }
  const { isVerified } = await EmailVerification.isEmailVerified();
  if (!isVerified) {
    return false;
  }
  try {
    const resp = await axiosInstance.get<SuperTokenUserViewModel>(
      "/api/v1/user"
    );
    this.setUser(resp.data);
    return true;
  } catch (error) {
    // Only the "no connection" case is surfaced to the user; every other
    // failure silently means "not authenticated".
    if (axios.isAxiosError(error) && error.code === "ERR_NETWORK") {
      this.setGlobalToast({
        detail: i18n.global.t(trans.NETWORK_PROBLEM_PLEASE_TRY_AGAIN),
        life: 3000,
        severity: "error",
      });
    }
    return false;
  }
}
rp_st
10/18/2022, 12:54 PMsegidev
10/18/2022, 12:58 PMsegidev
10/18/2022, 12:58 PMsegidev
10/18/2022, 12:59 PMsegidev
10/18/2022, 12:59 PMrp_st
10/18/2022, 1:03 PMrp_st
10/18/2022, 1:03 PMsegidev
10/18/2022, 1:07 PMsegidev
10/18/2022, 1:07 PMsegidev
10/18/2022, 1:08 PMrp_st
10/18/2022, 1:28 PMsegidev
10/19/2022, 5:25 AMsegidev
10/19/2022, 5:26 AMsession_info
table is wrongly mixed up with the emailpassword_users
?segidev
10/19/2022, 5:26 AMsession_info
table?nkshah2
10/19/2022, 5:27 AMkakashi_44
10/19/2022, 5:37 AMsession_info
table should be good enough if you want to remove all the sessionssegidev
10/19/2022, 5:38 AM