GumptionWare
Programming Phoenix LiveView B10.0: Confused about Protecting Sensitive Routes (pages 52 - 60)
On page 52, the topic of “Protecting Sensitive Routes” is introduced with this snippet from router.ex:
scope "/", PentoWeb do
pipe_through [:browser, :require_authenticated_user]
live_session :require_authenticated_user,
on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
live "/users/settings", UserSettingsLive, :edit
live "/users/settings/confirm_email/:token",
UserSettingsLive, :confirm_email
live "/guess", WrongLive
end
end
Then on page 60, the following snippet is shown for router.ex:
scope "/", PentoWeb do
pipe_through [:browser, :require_authenticated_user]
live_session :require_authenticated_user,
# Specify the shared on_mount callback here
on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
live "/users/settings", UserSettingsLive, :edit
live "/users/settings/confirm_email/:token",
UserSettingsLive, :confirm_email
live "/guess", WrongLive
end
end
The only difference I can see is the addition of the # Specify the shared on_mount callback here comment.
So what I am confused by is what has changed that enables us to remove the user = Accounts.get_user_by_session_token(session["user_token"]), session_id: session["live_socket_id"], and current_user: user lines from wrong_live.ex per this guidance on page 60: “With this in place, we can remove the auth code from the WrongLive’s own mount function.”
I have re-read this section several times, but I am still not understanding what that comment (# Specify the shared on_mount callback here) means, since those two router.ex code snippets are otherwise identical.
Marked As Solved
SophieDeBenedetto
Thanks for all the feedback! The upcoming beta release of the book should include the following:
- An initial version of the mount function in GuessLive that looks up the current user and adds them to socket assigns
- A clarification that the ‘guess’ live route will already be added to the live session that uses the generated ensure_authenticated on_mount function from the start
Popular Pragmatic Bookshelf topics
Modern Front-End Development for Rails - application does not start after run bin/setup (page xviii)
Other popular topics
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /python
- /js
- /rails
- /security
- /go
- /swift
- /vim
- /clojure
- /haskell
- /java
- /emacs
- /svelte
- /onivim
- /typescript
- /kotlin
- /c-plus-plus
- /crystal
- /tailwind
- /react
- /gleam
- /ocaml
- /flutter
- /elm
- /vscode
- /ash
- /html
- /opensuse
- /zig
- /centos
- /deepseek
- /php
- /scala
- /react-native
- /textmate
- /lisp
- /sublime-text
- /debian
- /nixos
- /agda
- /django
- /kubuntu
- /arch-linux
- /deno
- /nodejs
- /revery
- /ubuntu
- /spring
- /manjaro
- /lua
- /diversity
- /markdown
- /julia
- /slackware
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Supporting innovation across the BEAM ecosystem.
We build reliable cloud platforms for business-critical systems.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that move you from confusion to "Aha, now I get it!"