requireUser results in a call to db
onurzdg opened this issue · 2 comments
onurzdg commented
it says in the documentation of Snaplet-Auth that "requireUser" does not have a DB cost, but it actually does unless your session cookie expires but remember cookie is still valid. It results in a call to isLogged, which in turn calls currentUser. I think there's no reason why we cannot verify without a hit to DB that the user is logged in by checking if user id exits in the user's session as shown below.
restrict' :: AppHandler () -> AppHandler ()
restrict' h = do
mUid <- with sess $ getFromSession "__user_id"
case mUid of
(Just _) -> h
_ -> userNotLoggedIn
mightybyte commented
ping @ozataman
nurpax commented
FWIW, there's some related discussion on currentUser here: https://groups.google.com/forum/#!searchin/snap_framework/db$20cost/snap_framework/o5Jp7PxL06E/9-6UtYxQvrwJ - I've observed the same that requireUser does have a db cost.