Extension: JavaScript Navigation route guards

gareth_jones13

Hi there,

We're currently working on an extension for one of our clients that integrates with stripe, essentially, a user must be subscribed to have access to the forums.

All of our stripe set up is working fine, however we want to redirect unsubscribed users to a subscribe route that we have set up. We have this working from a back-end perspective however, because of the SPA it doesn't redirect them if they go to another page while on the SPA. Is there a method to add a route guard to check if the user is subscribed before the route changes?

Similar to that of Vue.js' Navigation guards;

https://router.vuejs.org/guide/advanced/navigation-guards.html

datitisev

gareth_jones13 You might be able to accomplish this by extending the init method of the Page component (source). Not sure what the best method would be. There might be a way to hook onto mithril's route handling, which is what Flarum uses.

Not sure if you need any code examples for the JS or not.

EDIT: I just saw a similar, if not the same question, was asked earlier today on a different account - https://discuss.flarum.org/d/22559-conditionally-guarding-routes-in-the-front-end.

zyronix

gareth_jones13 What I ended up doing was giving the end-user options to choose from (SPA is a given)

a standard config route that opens their self-scripted/designed page inside flarum's content boundaries. This came with the security-related drawback of restricting the exact location of the Stripe.JS credit card input, or Google/Apple Pay Now buttons, or most other modern payment gateway input methods / forms
a redirect modal that brings a dialogue up similar to the signup form, while also taking advantage of Stripe.js2 and PCMA industry standards. SSL will be needed for stripe to deliver you a payment intent token to securely store payment information on their servers. another config route to a custom billing page that shows an overview of what is offered, a portal for managing payment methods, and reviewing invoices (my choice)
(don't) route them to an off-site Stripe Express Checkout page - this is not a popular choice with online shoppers, especially today with 1-click buy on every site. If people are going to purchase access to your site, they don't want an external transaction link to some random woman in France.
it sounds like you haven't made it quite that far yet- these guidelines apply to flarum's SPA or anyone else's for that matter - the unforgiving block should start on the backend and trickle to your feature/content pitch. Restrict individual post access to a certain group and tag via model visibility scopes (hooking into serializer events worx)

For a secure gateway limited in partial areas, it will require 1- data lock/preventation on backend from protected assets 2-frontend UI/routing adjustments changes +in addition to a workaround for receiving Stripe's webhooks. I think @clarkwinkelmann and @datitisev both gave a nice contrast to what you should expect. i have a few demos up that demonstrate the process from start to finish, buyer to owner, month to month, etc. Once you get passed the little permission constraints, you'll see getting the system to be self-sustainable and maintenance-free (high transaction volume + safe/reliable/trusted) becomes less of a Stripe problem and more of a core content/design+delivery issue.

If you have a team excited early on about "All of our stripe set up is working" i hope they share my enthusiasm as well after all- none of my concerns were ever if (or how good) Stripe works - it just does. I am more interested in your steps after fixing permissions.

gareth_jones13

datitisev one of my colleagues haha!

clarkwinkelmann

You can also take inspiration from how the Terms extension or email confirmation block access to the forum and show a banner. They block users by setting them as guest, then add a banner on the pages directing them to where they can unlock/enable their account.

luceos

Would either or both of you be able to get in touch with me, it's always great whom to direct extension development requests to if you are interested. Feel free to hit me up on discord.

gareth_jones13

luceos What is the discord server?

[deleted]

gareth_jones13 https://flarum.org/discord/

victorywolf

great !