[solved] How do I stop the scaffolding from being included in my app?

Hello all,

Does anyone know how to stop the scaffolding from being included in my app? I am building an App that doesn’t use Auth, but that doesn’t mean I want users able to modify the data.

I don’t want to keep all the scaffolding in a different App and point them at the same database.

Thanks,
Al;

Hi Al, I’m not exactly sure what you’re referring to, so my assumption is that you are generating CRUD scaffold for a DB model, including routes and all components. “Modify the data” could happen in one of two ways:

  1. access to a Cell component that includes a mutation query
  2. access to the GraphQL endpoint mutation

“Not using Auth” doesn’t mean you should avoid securing your endpoints and routes. Seems to me like you should still enable Auth (maybe even the “custom auth” provider) and then use it to secure your API endpoints. You should also use private on routes or <Set /> for a set of routes. You can also use logic within components (i.e. isAuthenticated).

Am I on the right track… helpful?

I’m making an app that will have no login for the user, and will be themed dynamically based on the referrer

I’m using sqlite to manage the settings and options - RW works so much better when I do this. A table for the known referrers with columns determining which theme files to load.

That gives me scaffolding for building and maintenance, and includes that scaffolding in the final app.

So I want to offer the scaffolding routes only during development (or in this case only on localhost)

I did this:

<Set wrap={UiMessagesLayout} private={!/localhost/.test(window.location.host)}>
  <Route path="/ui-messages/new" page={UiMessageNewUiMessagePage} name="newUiMessage" />
  <Route path="/ui-messages/{id:Int}/edit" page={UiMessageEditUiMessagePage} name="editUiMessage" />
  <Route path="/ui-messages/{id:Int}" page={UiMessageUiMessagePage} name="UiMessage" />
  <Route path="/ui-messages" page={UiMessageUiMessagesPage} name="UiMessages" />
</Set>

This lets me leave all scaffolded code untouched, while anyone that knows the routes will get an empty page (because there’s no redirect for private in this case).

So I think we were all thrown by the term “scaffolding” which to us means running a generator that creates assets like pages and a model and sdl and services and routes in a file.

I think what you are asking is: how do I permit access to certain pages when running on localhost, or maybe when in development mode.

Just remember that whatever queries and mutations you have here are available and you should secure them accordingly.

Or just delete the generated routes.

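One way to act on the point above about securing the mutations themselves, as an added example that is not part of the thread or of Redwood's own code: the gate lives in the API process and reads that process's environment, so hiding the routes in the browser is no longer the only control. It is plain JavaScript with no Redwood imports; `ForbiddenError`, `devOnly`, `buildServices`, `tryUpdate`, the service names and the sample row are assumptions made for illustration.

```javascript
// Local stand-in for whatever error class your API layer throws.
class ForbiddenError extends Error {}

// Constructed sample row; the real UiMessage columns are not shown in the thread.
const seedTable = () => new Map([[1, { id: 1, key: 'welcome', text: 'Hello' }]])

// Decided from the server's own environment, never from anything the browser
// sends (Host header, window.location, a query parameter).
const writesAllowed = (env) => env.NODE_ENV === 'development'

// Wrap a mutating service so it refuses to run outside development.
const devOnly = (env, service) => (args) => {
  if (!writesAllowed(env)) {
    throw new ForbiddenError('UiMessage writes are disabled outside development')
  }
  return service(args)
}

// Assumed service shapes for the UiMessage model: reads stay open, writes are gated.
const buildServices = (env = process.env, table = seedTable()) => ({
  uiMessages: () => [...table.values()],
  createUiMessage: devOnly(env, ({ input }) => {
    const id = Math.max(0, ...table.keys()) + 1
    table.set(id, { id, ...input })
    return table.get(id)
  }),
  updateUiMessage: devOnly(env, ({ id, input }) => {
    if (!table.has(id)) throw new Error(`UiMessage ${id} not found`)
    table.set(id, { ...table.get(id), ...input })
    return table.get(id)
  }),
  deleteUiMessage: devOnly(env, ({ id }) => {
    const row = table.get(id)
    table.delete(id)
    return row
  }),
})

// What a caller sees when it invokes the mutation directly, bypassing the router.
const tryUpdate = (services) => {
  try {
    return { ok: true, row: services.updateUiMessage({ id: 1, input: { text: 'changed' } }) }
  } catch (err) {
    return { ok: false, forbidden: err instanceof ForbiddenError }
  }
}
```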

I intended the term scaffolding to indicate the results of the process

yarn rw g scaffolding UiMessages

All of the results of that action, in this case, were what I was talking about

But you are right, @requireAuth will not stop anyone for real unless auth has been configured.

In this case they will find that their changes are only updating their sqlite db’s copy of the UI theming settings - no one else will ever see them

I’ll set up real auth if we migrate that data to a remote database and stop distributing it with the app

  • Redwood Rules !!