I’ve been searching on GitHub the past few days for good examples of ReasonReact apps authenticating against a server API. It seems like it should be a very common pattern but ReasonML is still new and there is a relative lack of examples like this in the wild.
The most complete example I’ve found so far is the RealWorld app here: https://github.com/gothinkster/reasonml-realworld-example-app
It’s a few months old at this point (using RR 0.2.4, deprecated bs-director, lack of labeled params, etc) and hasn’t been RFCed by the ReasonML community yet to be an “official” RealWorld implementation. I was wondering if the pattern used in src/login.re
(requesting token from server) and src/effects.re
(saving it to localStorage using Dom.Storage
) and src/jsonRequests.re
(reading from localStorage on every subsequent request to add to authorization headers) is a good pattern.
Seems like it would work but a little concerned about security (XSS/CSRF/etc) and whether it is a good idiomatic way of doing it. Maybe the token should be stored to a cookie or saved in Reductive (all other non-userdata fetched locally/passing down props the recommended way) or have server-side sessions or something else. I’m thinking of using NextJS SSR which doesn’t allow localStorage and requires cookies anyway.
I’m trying to keep my frontend and backend (Elixir/Phoenix/Absinthe-GraphQL) strictly decoupled but I guess I could render the initial page (and maybe the login functionality) from server templates if necessary to set the cookie also. There are good examples on doing this with Vue/Nuxt https://nuxtjs.org/examples/auth-routes and React/Next https://github.com/zeit/next.js/tree/canary/examples/with-apollo-auth or https://github.com/iaincollins/nextjs-starter, https://github.com/iaincollins/next-auth, etc but I really want to use ReasonML instead!
Does anyone know of a better OSS example ReasonReact project I could study to implement server login / tokens?
Thanks!