Solution:
Is this good to implement authentication middleware like this?
yes just improve its:
helper funcation:
export function isAuthenticated() {
return window.App.user !== null; //or !== undefinded
}
Auth.js
export default (to, from, next) => {
//this tested using Vue Router
const publicPages = ['/login'];
const authRequired = !publicPages.includes(to.path);
if (authRequired && !isAuthenticated()) {
next('/login'); // or window.location.href = "/login";
}else{
next('home');
}
}
can the client modify window.App.user?
yes every thing in client side is editable
can the client access the server just by modifying window.App.user?
This is related to your server logic (middlewares)