What is the point of Protected Functions?

Following along with @swyx in this AMAZING video (3.5 hours intro to Netlify), and making the transition from an SSR Laravel App to a JAMstack masterpiece, I’m struck with this question.

If we have to do this on every component:

netlifyIdentity.init();
const user = netlifyIdentity.currentUser();

BEFORE we try to call a protected function:

// Send the Identity JWT as a Bearer token when a user is logged in
let protectedData = this.$axios.get(`protected-function`,
  user && {
    headers: {
      Authorization: 'Bearer ' + user.token.access_token,
      Accept: 'application/json'
    }
  })

how is that any different than just checking the existence of user within the component:

if (user) {
  // Same request, but the only check is this client-side `if`
  let protectedData = this.$axios.get(`regular-not-protected-function`,
    user && {
      headers: {
        Authorization: 'Bearer ' + user.token.access_token,
        Accept: 'application/json'
      }
    })
}

I’m sure there’s something I’m missing here, but for now, it just looks like I’m repeating the logic in the protected function.

I think, by having the variable reference the currentUser() directly, it would be safer to assume that the user is truly current, since an existing user variable could be referencing a stored and maybe expired session. Basically, you’ll probably want to make sure that each call goes through that verification. Let me know if that makes sense.

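The server-side half of the two calls compared in the question, as an added example that is not code from either post or from the video: one function relies on the component's `if (user)` and the other decides access itself. It assumes Netlify has verified the Bearer token and exposed its claims as `context.clientContext.user` (with roles under `app_metadata.roles`); the function names, sample data and contexts are constructed for illustration.

```javascript
// Added example. Assumption: for a valid Identity JWT in the Authorization
// header, Netlify sets context.clientContext.user to the token's claims and
// leaves it undefined when the token is missing, expired or invalid.

const SAMPLE_DATA = { report: "constructed sample data" };

function jsonResponse(statusCode, body) {
  return {
    statusCode,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  };
}

// "regular-not-protected-function": relies on the component's `if (user)`.
// Any HTTP client that skips the component gets the data.
function unprotectedResponse(context) {
  return jsonResponse(200, SAMPLE_DATA);
}

// "protected-function": the access decision is made on the server, using
// claims the platform verified, and can also require a role.
function protectedResponse(context, requiredRole) {
  const user = context && context.clientContext && context.clientContext.user;
  if (!user) {
    return jsonResponse(401, { error: "Authentication required" });
  }
  const roles = (user.app_metadata && user.app_metadata.roles) || [];
  if (requiredRole && !roles.includes(requiredRole)) {
    return jsonResponse(403, { error: "Missing role: " + requiredRole });
  }
  return jsonResponse(200, { ...SAMPLE_DATA, requestedBy: user.email });
}

// In a function file, each of these would be exported as `handler`.
const unprotectedHandler = async (event, context) => unprotectedResponse(context);
const protectedHandler = async (event, context) => protectedResponse(context);

// Constructed contexts: a direct request without a token, and a verified user.
const anonymousContext = { clientContext: {} };
const signedInContext = {
  clientContext: {
    user: { sub: "constructed-id", email: "user@example.com", app_metadata: { roles: [] } },
  },
};
```

With `anonymousContext`, the unprotected function still returns the data while the protected one answers 401, whatever the component checked before sending the request.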