Comments (8)
from docusaurus.
HI.
I understand that you want to drive the discussion to a concrete technical solution, but to me, it is more important that you explain the business use case, and the outcome you want from all this. This way, I can figure out the technical solution, and maybe propose you an alternative/workaround.
Can you explain:
- why you want to protect a single URL in the first place?
- why did you choose Docusaurus given that constraint?
- why you want to link to it from a public page, and what should be the experience for a user when they click on the link considering they are not authenticated?
What you need looks complicated to implement and is not really an initial goal of Docusaurus. I doubt we'll make this kind of use case a priority because the ROI would be quite low considering only you ask for something like this so far.
Even if we disable the SPA navigation, prefetching and everything, the secret page bundles remain emitted, are available publicly through an URL /assets/js/bundleX.js
that hackers can guess with brute force. One solution could
A possible solution could be to colocate the page JS bundle near close the HTML file. This way even if the JS bundle is referenced in a map, it can't be downloaded if you protect the /docs/top-secret/birthday-party-plans
path. It is probably possible to use configureWebpack
plugin lifecycle today to achieve that.
Note that we also have a goal make Docusaurus work without any JS. We are far from done yet but HTML/CSS is improving, and if JS can be considered as a progressive enhancement, we could simply bypass React hydration, use regular links, and only emit HTML/CSS files. Track #3030
Hydrating React and disabling the SPA soft-navigation for all links just because you have one or a few secret routes doesn't really seem like a good idea to me overall. This degrades the whole user experience for users who only browse public pages, is not so easy to implement and this feature probably has very low traction among our users.
from docusaurus.
from docusaurus.
Thanks
So you want only some pages to be "protected".
Are all the logged-in users of your site able to access the exact same pages, or each user can see a different set of protected pages?
from docusaurus.
from docusaurus.
I'm not sure to understand sorry 😅
If logged in users see the exact same content, you could build the same site in 2 variants, one public, one authenticated. Then deploy both to a CDN and use a Middleware proxy to serve one site or the author depending on auth status. For example, try Vercel + edge Middleware or Cloudflare + Worker.
from docusaurus.
from docusaurus.
Building 2 sites will give a better experience in this case IMHO, because it would be secure and you would keep the SPA behavior, which is important not only to improve the navigation experience but also to preserve the state when navigating. For example, if you navigate through regular links, the docs sidebar items collapsed state would reset.
I would do something like:
VARIANT=public docusaurus build --out-dir build/public
VARIANT=private docusaurus build --out-dir build/private
Based on env variables you could use include
/ exclude
params in the docs plugin to choose which docs to include.
Then I would use a Vercel Edge auth middleware. You'd have to figure out the details but here are some refs and examples:
- https://vercel.com/docs/functions/edge-middleware/middleware-api
- https://github.com/vercel/examples/tree/main/edge-middleware
I guess something like this could work:
import { rewrite } from '@vercel/edge';
export default function middleware(request: Request) {
const url = new URL(request.url);
if (isAuthenticated(req)) {
url.pathname = "/private" + url.pathname;
}
else {
url.pathname = "/public" + url.pathname;
}
return rewrite(url);
}
Now it's your responsibility to implement the isAuthenticated() method
.
Note: you shouldn't use baseUrl: '/public/'
and baseUrl: '/private/'
when building because, even though the files will be deployed under a subpath, you'd still serve them from the root without any prefix.
Now if you want you can also keep the prefix in the URL and use a redirect instead of a rewrite.
And you are not forced to use subpaths either. Using subdomains like private.myDoc.com
and public.myDoc.com
or whatever else you want can also work with both subpath and subdomains strategies.
from docusaurus.
Related Issues (20)
- Broken anchors: page not scroll to the right section HOT 8
- Index pages cannot be generated with an automatically generated siderbar HOT 1
- Document solution to "docs last update" date being rendered incorrectly when published through Vercel
- Customizing admonitions not work HOT 3
- When testing on StrictMode, the bar remains on the top HOT 1
- Node.js building getting stuck HOT 2
- Updating to @mdx-js/react 3.0.1 causes admonition blocks to stop rendering colored box HOT 8
- The <!--truncate--> line in my long blog post on the initialized website is not causing the blog post size to be limited. HOT 1
- Add trailing slash to auto generated sitemap.xml for directories only HOT 3
- blogTitle not working HOT 4
- Algolia Contextual Search Generates Incorrect FaceFilters HOT 6
- Multi-Instance Routes Not Working in v3.2.1 HOT 3
- Home page renders twice, one below the other. HOT 1
- Details elements aren't searchable - a11y issue HOT 8
- WARN 1 deprecated subdependencies found: [email protected] HOT 1
- npm run build fails when nmetadata are missing HOT 3
- Broken link transformation HOT 2
- Ability to Skip Homepage and Directly Access Feature Page HOT 1
- Light/Dark Mode issues on older versions of Safari 12,13, and 14 HOT 3
- Problems with locale url on homepage and blog HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docusaurus.