I creating web application with laravel as backend and vue as frontend (SPA). but for authentication I do not use jwt auth but instead use the normal laravel auth session. so when the web was first loaded I put a global variable to access the user information in order to setup middleware.
Global user information.
<script>
window.App = {
config: @json($config),
user: @json($currentUser)
}
</script>
So in vue js I'm make middleware for auth like this.
Auth.js
export default (to, from, next) => {
if (!window.App.user) {
window.location.href = "/login";
} else {
next();
}
};
Guest.js
export default (to, from, next) => {
if (window.App.user) {
next({ name: "home" });
} else {
next();
}
};
In component I had to do like so.
Vue.prototype.$auth = window.App.user;
<template>
</template>
<script>
export default {
methods: {
post() {
if (this.$auth) {
// request to server
}
}
}
}
</script>
Is this good to implement authentication middleware like this? can the client modify window.App.user? can the client access the server just by modifying window.App.user? something like in the console
window.App.user = { id: 1, name: "Test" }
