Mixing authenticated and unauthenticated LiveViews

Phoenix Forum Questions / Help
, , ,
1

Is there a way to let authenticated users live_navigate from an authenticated route to an unauthenticated route without a doing a page reload? I have some standard routes

live "/posts", PostLive.Index, :index
live "/posts/new", PostLive.Form, :new
live "/posts/:id", PostLive.Show, :show
live "/posts/:id/edit", PostLive.Form, :edit

I would like to make /posts and /posts/:id accessible to all users, and /posts/new and /posts/:id/edit accessible only to authenticated users. I can add the routes to the :current_user and :require_authenticated_user, but then authenticated users would have to do a page reload when navigating from e.g. /posts/new to /posts.

2

Live sessions always require a reload, but you can do your auth check manually in mount instead of in a hook if youbreally want to avoid reloading.

As in only assign the user (allowing current user to be nil) and implement the security aspects based on the live action in mount.

Easy to foot gun yourself and forget and very repetetive so maybe worth asking yourself if it is worth it.

3

So if I understand correctly you mean something like this

scope "/", MunchWeb do
  pipe_through [:browser]
  live_session :current_user,
    on_mount: [{MunchWeb.UserAuth, :mount_current_user}] do
    live "/posts", PostLive.Index, :index
    live "/posts/new", PostLive.Form, :new
    live "/posts/:id", PostLive.Show, :show
    live "/posts/:id/edit", PostLive.Form, :edit
  end
end

and redirecting unauthenticated users in PostLive.Form.mount? What are the possible foot-guns?

4

That you forget :smiley:

5

:grinning: I was worried about security, but if it just means the user isn’t redirected sometimes when I forget to add the on_mount handler to a LiveView, then that’s not too bad.