Level 80
@beginnersoul What have you tried so far?
1 like
Sep 26, 2021
10
Level 2
Vue router hide and show menu
Hello How I can make that the router menu will be hidden if the person will not login? The login works with a pincode and/or QR code and if the code is correct then a true boolean will be returned. If the person did login successfully then the specific menu will be showed with children menu.
So how I can do that?
Level 2
That is the problem because I don't even know with what I should start.
1 like
Level 80
@BeginnerSoul Well what are you struggling with? Vue Router? Because if you don’t know how to do this with a “traditional” application then I’d say you shouldn’t be trying to do it inside Vue either otherwise you’re just biting off way more than you can chew and making the task more complicated than it has to be.
1 like
Level 2
@martinbean I know the beginner level how to use router, just didn't know how to hide menus if the person didn't login.
1 like
Level 5
Well, basically you need to save the authentication status of a user, let's say, in localStorage and use it for showing/hiding the menu and to protect routes.
Maybe this would help to figure things out? https://router.vuejs.org/guide/advanced/navigation-guards.html#global-before-guards
2 likes
Level 80
you need to save the authentication status of a user, let's say, in localStorage and use it for showing/hiding the menu and to protect routes.
@xdimension …and if someone starts tinkering with localStorage then they’ll again see the menus and routes they shouldn’t.
One of the reasons I hate SPAs. Authentication and authorisation is a server-side concern, and just pushing everything to the client is not a great idea.
EDIT: Your application’s security is going to be weakened if you follow the advice in the answer you accepted, @beginnersoul.
1 like
Level 5
@martinbean That's just the status or the flag, everything else are handled by Laravel Sanctum securely, like users definitely won't be able to access any API endpoint if they're not authenticated.
1 like
Level 80
@xdimension Of course you’d check authorisation (again) on the server-side, but still pushing those initial checks to the client is still a bad idea.
To me, a user shouldn’t be able to see permissions, feature flags, etc if they shouldn’t be able to. I don’t care if it’s validated on the back-end; it’s still exposing things to the client that I don’t really want exposing.
Whereas a server-rendered view; the user only sees what the server says they should see. A user can’t see what permissions they don’t have, what feature flags are disabled for them, etc.
1 like
Level 5
@martinbean So, what would you propose? avoid implementing SPA at all?
1 like
Level 63
@martinbean Do you mean that show / hide items of a menu should be decided by the backend ? In this case using VueJS and Laravel, using a package like InertiaJS with server-side rendering would be a better idea ?
I understand what you mean by saying that everyone should avoid exposing any information to the user (for example the permissions) in the frontend.
If the best pratice is to avoid using any flag in the frontend, perhaps it's better to call the API each time it's needed to check if a user is authenticated or not. So there is no flag set in the browser. Or is there another more secure pratice ?
Thanks for some more advice ;).
Please or to participate in this conversation.