undefined | Better HN

0 pointsabdullahkhalids2y ago0 comments

Thanks. This helps a lot.

However, I am concerned that the @reflex_local_auth.require_login decorator [1] merely redirects users to the login page.

> Although this seems to protect the content, it is still publicly accessible when viewing the source code for the page! This should be considered a mechanism to redirect users to the login page, NOT a way to protect data.

So, I have to put an if-else condition on the State data associated with each protected page, in addition to this decorator. The reasonable way to do it would be for the decorator to actually prevent any data load at all before redirecting. This will prevent a lot of mistakes, besides removing boiler plate.

[1] https://github.com/masenf/reflex-local-auth

0 comments

masenf2y ago

That's a really good point. Definitely something we need to work out before integrating this into the core framework.

j / k navigate · click thread line to collapse

0 pointsabdullahkhalids2y ago0 comments

Thanks. This helps a lot.

However, I am concerned that the @reflex_local_auth.require_login decorator [1] merely redirects users to the login page.

[1] https://github.com/masenf/reflex-local-auth