Refactor auth handling
Large parts of auth handling have been refactored to improve maintainability and performance:
Room access control
- Room role mappings are no longer cached in localStorage.
- New API endpoints are used to retrieve room memberships and room summaries (basic info + stats). Instead of querying data for each room individually they are now fetched in bulk.
- Membership and summary data is only loaded once and cached in-memory until the cache is invalidated through a client-side or WebSocket (implementation not final / server-side implementation missing) event.
- Room authorization handling was moved to a new `RoomMembershipService`.
- Account management methods were moved to user service.
- `Authorization` header is only overridden if it wasn't already set.
- `UserRole` is now a string-based enum (code constructs like `user.role < 3` are no longer allowed). Templates can now use the string and no longer need to hard-code a `number`.
- The `AuthenticationGuard` now returns an `Observable`.
- A Resolver is used to pass the role for viewing to components.
- Use helper methods in components to check the role (instead of component fields).
App-wide authentication handling
- `ClientAuthentication` is now used throughout the app and replaces the `User` class. Previously, it was only used to handle the API response. `User` was basically the same as `ClientAuthentication` with a few additional properties which became obsolete.
- `AuthenticationService`'s `getUser`, `getUserAsSubject` and `watchUser` methods have been replaced with a single `getAuthentication` method which returns an `Observable<ClientAuthentication>`. Internally, a higher-order `Observable` is used to emit changes to authentication as a stream.
- The logic of `AuthenticationService`'s login-related methods has been refactored. Instead of returning the strings `true`, `false` and `activation`, a `ClientAuthenticationResult` is returned which contains the status and the auth object if successful.
- `refreshLogin` logic has been refactored to reuse code for normal logins.
- An `APP_INITIALIZER` is used to initialize authentication at startup.
Known issue
- Role-based, conditional rendering for elements of the header bar no longer works (e.g. session ID in comment list for room owner).
Edited by Daniel Gerhardt
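
The following is an added example, not code from this merge request: a sketch of a role check over string-based roles backed by a bulk-loaded in-memory membership cache, as the description above outlines. The role names, their ranking, `MembershipCache`, `parseRole` and `hasAtLeastRole` are assumptions made for illustration; the role type is written as a const object standing in for the string enum.

```typescript
// Stand-in for the string-based UserRole enum; the role names are assumptions.
const UserRole = {
  PARTICIPANT: 'PARTICIPANT',
  MODERATOR: 'MODERATOR',
  OWNER: 'OWNER',
} as const;
type UserRole = (typeof UserRole)[keyof typeof UserRole];

// Privilege order is stated explicitly instead of relying on numeric role values.
const ROLE_RANK: Record<UserRole, number> = { PARTICIPANT: 0, MODERATOR: 1, OWNER: 2 };

// Accept only known role strings; legacy numbers and unknown names are rejected.
function parseRole(value: unknown): UserRole | undefined {
  const known = typeof value === 'string' && Object.prototype.hasOwnProperty.call(ROLE_RANK, value);
  return known ? (value as UserRole) : undefined;
}

type Membership = { roomId: string; role: unknown };

// Hypothetical cache: one bulk fetch, kept in memory until invalidate() is called.
class MembershipCache {
  private roles: Map<string, UserRole> | null = null;
  private fetchAll: () => Membership[];
  loads = 0; // number of bulk fetches performed

  constructor(fetchAll: () => Membership[]) {
    this.fetchAll = fetchAll;
  }

  private load(): Map<string, UserRole> {
    if (this.roles !== null) return this.roles;
    this.loads += 1;
    const roles = new Map<string, UserRole>();
    for (const m of this.fetchAll()) {
      const role = parseRole(m.role);
      if (role !== undefined) roles.set(m.roomId, role); // unknown role: no entry
    }
    this.roles = roles;
    return roles;
  }

  // Fail closed: a room without a valid cached membership never satisfies a check.
  hasAtLeastRole(roomId: string, required: UserRole): boolean {
    const role = this.load().get(roomId);
    return role !== undefined && ROLE_RANK[role] >= ROLE_RANK[required];
  }

  // Call on a client-side or WebSocket membership-change event.
  invalidate(): void { this.roles = null; }
}
```

Checks like these only drive what the client renders; the server still has to enforce the same roles on every request.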