Frontend auth system SUCKS

[itsdouges]

We have a shit ton of { ignoreAuth: this.context._userAlias !== alias } to get around the fact that sending the auth token for resources that aren't yours makes the backend behave weirdly.

This is because if you use a invalid token sent to the backend, the auth middleware complains and doesn't send the data through. Ideally it shouldn't care.

AND EVEN THEN because of that if the user's auth takes too long to load, because of the "work around" we have in place if you load a hidden authenticated page (character list or character) 99% chance you won't get what you expect (404 or characters not in list).

We need to do two things:

• modify the backend to allow bad tokens
• modify the frontend to have a more elegant auth system (use some HOC + smarts)

See: #85