logux/docs

Make authentication guide simpler

dkzlv opened this issue · 7 comments

dkzlv commented

Hi, guys!

First of all, great project idea 👌 I've tried to come up with a valid idea on a usable data synchronization engine between backend and client, and all I got was sending data with timestamps back and forth, not so convenient. Glad someone wants to make this whole mess working once and for all.

Stumbled upon Andrey's request to try and launch logux following your starting guide and drop a line on problems one may encounter.

I've tried to carefully follow every step, but some results don't match those in the doc.

reducers/index.js

If you implement it like it is in the doc, nothing will work on this step, because of an error:

Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.

I've changed the implementation to a simple counter reducer and this error was gone. Example purpose only, of course.

const reducer = (state = 0, action) => {
  if(action.type === 'inc') return state + action.payload
  else if(action.type === 'dec') return state - action.payload
  else return state
}
export default reducer

Logux server sent error: Wrong credentials

Also doesn't seem to work, I don't even have anything in WS tab except the one with hot code reload stuff.
I had a thought, that I may be watching the wrong place, but I've even tried to throw an error in server.auth method, but nothing happens at all; however if I open the healthcheck url everything seems to be fine. Can you please tell me what I'm doing wrong?

My opinions

The rest is only my opinion on the document itself, so you can ignore if you want 😄

  1. I think this guide should separate authorization implementation details and logux server stuff. I would even offer you to change authentication chapter to something like "Pretend we only have a user with email test@example.com and password 123456". It would make the demo 10 times simpler. It would also mean that you can drop the DB stuff out of tutorial and, say, use node module variables as storage just for the sake of simplicity. Does it really matter how I retrieve data when all I want is to have a grasp on how the library works?
  2. I'm not sure about it, but it seems to me that at the current stage of the project every single document anyone reads should sell the project idea, jump to the fancy stuff and avoid all the unnecessary instructions. From what I saw the tutorial was mostly a demonstration of different stuff loosely related to the topic. It would be awesome to have something like the README.md demonstration, but the one you can touch, run and see how it works in the wild with all the fancy stuff that you talk about (like conflict resolution, offline-first work and multi-tab/multi-device).

Anyway, good luck with the project. Will follow you and try to use in future 👍

ai commented

Thanks for the suggestions.

> Store does not have a valid reducer. Make sure the argument passed to combineReducers is an object whose values are reducers.

Fixed 66e8b7f

> Logux server sent error: Wrong credentials

At what step did you find this error?

If it was still on 3-creating-redux.md, how can we make this warning more clear and understandable?

> I think this guide should separate authorization implementation details and logux server stuff

I am afraid of repeating the MongoDB problem. They have a very simple auth process by default. And now most MongoDB databases are not protected at all.

Maybe we can add some logux/auth library to simplify examples, but I want to finish docs first and then move to create helpers (and updating docs using these helpers).

> It would also mean that you can drop the DB stuff out of the tutorial and, say, use node module variables as storage just for the sake of simplicity.

I want to be more on the Ruby on Rails way, where everything is ready after initializing, rather than the Node.js way, where junior developers don't know how to do basic things like adding a DB correctly.

> It would be awesome to have something like the README.md demonstration, but the one you can touch, run and see how it works in the wild with all the fancy stuff that you talk about

Yeap. Docs are just in the beginning.

I will create an example and more docs about Logux internals and best practices.

Right now we have the selling 1-architecture part and the very production-oriented 2-starting.

You are right that 2-starting is written very close to real production code. But it was done on purpose. I want to give strict instructions on how to create a real project, not a fancy but dangerous demo.

However, I agree that we should be even more on the Ruby on Rails way and provide a good production-ready server with fewer steps. I will do it after I finish the first version of the docs.

dkzlv commented

> I am afraid of repeating MongoDB problem. They have very simple auth process by default. And now most of MongoDB databases are not protected at all.

Well, I think you'll be really happy if Logux reaches the same scale as MongoDB 😂 So maybe it's not that big of a deal.

But yeah, I understand this. I just think that authorization, tokens, databases and such stuff is kinda out of the scope of the project. It would be awesome to have a definitive guide on this, but I think it may very well be impossible to target junior devs who have no idea about backend systems. You would need to create a tutorial that covers so much that you'll end up being a tutor on Udemy 😃 Also there's actually a ton of material that already covers these topics. I thought this document was supposed to cover the things I don't know rather than force me to reimplement the things I already know.

But, anyways, I think you know what you're doing so keep up! In the end an experienced developer will find a way to smash this guide into the least possible steps.

> At what step did you find this error?
> If it was still on 3-creating-redux.md, how we can make this warning more clear and understandable?

It would be okay if this error popped up but it just didn't, that is the problem. I have logux-backend started with this code:

const { Server } = require('@logux/server')
const pg = require('pg-promise')

const server = new Server(
  Server.loadOptions(process, {
    subprotocol: '0.1.0',
    supports: '^0.1.0',
    root: __dirname
  })
)

server.auth((userId, token) =>  {
  // return userId === 'email@example.com' && token === 'qwerty123456'
  throw new Error('Hey there!')
})
server.listen()

let db = pg()(process.env.DATABASE_URL)

I have logux-client started with this code:

// imports

const createStore = createLoguxCreator({
  subprotocol: '0.1.0',
  server: process.env.NODE_ENV === 'development'
    ? 'ws://localhost:31337'
    : 'wss://logux.example.com',
  userId: 'email@example.com',
  credentials: 'qwerty123456'
});

const store = createStore(reducer);
badge(store.client, { messages: badgeMessages, styles: badgeStyles });
log(store.client);

ReactDOM.render(<Provider store={store}><App /></Provider>, document.getElementById('root'));

No error pops up in browser console or node console, the exception is never thrown, new websocket doesn't appear in network tab in browser except the one related to HMR. That's why I failed to get to the fancy stuff of the lib.

ai commented

> I just think that authorization, tokens, databases and such stuff is kinda out of the scope of the project.

From my perspective, 2-starting is for starting a real project, not for creating an example.

Why are database and tokens out of scope for a real project?

> You would need to create a tutorial that covers so much that you'll end up being a tutor on Udemy

Will it solve the problem if I move auth to a plugin so it will be just a few lines?

Another idea is to add a special login command to the protocol to avoid tricky code with a guest session for login.

I will keep this issue open until I have some solution to make the auth code smaller.

> Also there's actually a ton of material that already cover these topics.

Most of the materials are outdated. Security is still a big problem in IT.

> It would be okay if this error popped up but it just didn't, that is the problem

Oops. Fixed 55a2174

dkzlv commented

> Why database and tokens are out of scope real project?

It isn't. It's just a matter of two questions: what you want to achieve with this project and who your target audience is. As I saw it you were trying to solve the data synchronization problem for developers with prior experience who already know that this is a real pain in the ass.

> Oops. Fixed 55a2174

Oooh, yeah, now we're talking 👍 Thanks for your help! Will try to go deep into this forest.

I've thought about this issue in general and now I tend to think that I just didn't spend enough time to read all the documents. I see there may be all the info out there in 1-architecture folder.

ai commented

> As I saw it you were trying to solve the data synchronization problem for developers with prior experience who already know that this is a real pain in the ass.

It is more complicated.

  1. First, we may see non-Node.js developers who need help with finding database best practices for Node.js.
  2. Second, we are also trying to reach middle developers, who need to add WebSocket to their Redux project.

> I see there may be all the info out there in 1-architecture folder.

Yeap, this part is much better in showing Logux benefits.

ai commented

Another way is to add temporary authentication like:

server.auth(() => process.env.NODE_ENV === 'development')

ai commented

Hope it will fix the problem f8fb29e
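
The development-only shortcut suggested in the thread (`server.auth(() => process.env.NODE_ENV === 'development')`) accepts every client whenever that variable is set, so it is worth pairing with a real check for every other environment. The sketch below is an added example, not code from the thread or from Logux; `makeAuth`, its `host` and `tokens` parameters and the sample credential map are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('crypto')

// Hash both values first so timingSafeEqual always receives buffers of
// equal length (it throws on a length mismatch).
function sameToken (given, expected) {
  const a = createHash('sha256').update(String(given)).digest()
  const b = createHash('sha256').update(String(expected)).digest()
  return timingSafeEqual(a, b)
}

const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost'])

// makeAuth is a hypothetical helper, not a Logux API. It returns a callback
// with the (userId, token) shape passed to server.auth() in this thread.
//   env    - environment object, normally process.env
//   host   - address the server binds to (assumed known to the startup code)
//   tokens - Map of userId -> token, standing in for a real credential store
function makeAuth ({ env, host, tokens }) {
  const dev = env.NODE_ENV === 'development'
  // Refuse to start rather than run the bypass on a reachable interface.
  if (dev && !LOOPBACK.has(host)) {
    throw new Error('development auth bypass refused: host is not loopback')
  }
  return (userId, token) => {
    if (dev) return true
    // Anything other than exactly "development" gets the real check.
    if (typeof token !== 'string' || !tokens.has(userId)) return false
    return sameToken(token, tokens.get(userId))
  }
}

// Constructed sample data, using the placeholder credentials from the thread.
const sampleTokens = new Map([['email@example.com', 'qwerty123456']])
const prodEnv = { NODE_ENV: 'production' }
const devEnv = { NODE_ENV: 'development' }

const prodAuth = makeAuth({ env: prodEnv, host: '0.0.0.0', tokens: sampleTokens })
const devAuth = makeAuth({ env: devEnv, host: '127.0.0.1', tokens: sampleTokens })
const unsetAuth = makeAuth({ env: {}, host: '0.0.0.0', tokens: sampleTokens })

// True when makeAuth refuses to build a development bypass for this host.
function bypassRefusedOn (host) {
  try {
    makeAuth({ env: devEnv, host, tokens: sampleTokens })
    return false
  } catch (e) {
    return true
  }
}
```

The returned function is what would be handed to `server.auth(...)`. An unset or misspelled `NODE_ENV` falls through to the token check instead of the bypass.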