On page 52, the topic of “Protecting Sensitive Routes” is introduced with this snippet from `router.ex`:

```elixir
scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
    live "/users/settings", UserSettingsLive, :edit
    live "/users/settings/confirm_email/:token",
      UserSettingsLive, :confirm_email
    live "/guess", WrongLive
  end
end
```
Then on page 60, the following snippet is shown for `router.ex`:

```elixir
scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    # Specify the shared on_mount callback here
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
    live "/users/settings", UserSettingsLive, :edit
    live "/users/settings/confirm_email/:token",
      UserSettingsLive, :confirm_email
    live "/guess", WrongLive
  end
end
```
The only difference I can see is the addition of the `# Specify the shared on_mount callback here` comment.
So what I am confused by is what has changed that enables us to remove the `user = Accounts.get_user_by_session_token(session["user_token"])`, `session_id: session["live_socket_id"],` and `current_user: user` lines from `wrong_live.ex` per this guidance on page 60: “With this in place, we can remove the auth code from the WrongLive’s own mount function.”
I have re-read this section several times, but I am still not understanding what that comment (`# Specify the shared on_mount callback here`) means, since those two `router.ex` code snippets are otherwise identical.
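
A plain-Elixir model of the mechanism the two snippets rely on, added here as an example (it is not part of the original post, and it is not the book's or Phoenix's code): the `on_mount` hook listed in `live_session` runs before each LiveView's `mount` and assigns `current_user`, so `mount` no longer needs its own session lookup. The `*Model` modules, the token and the user are constructed for illustration and need no Phoenix dependency.

```elixir
defmodule UserAuthModel do
  # Constructed stand-in for Accounts.get_user_by_session_token/1.
  @users %{"valid-token" => %{id: 1, email: "user@example.com"}}

  # Same shape as a LiveView on_mount hook: {:cont, socket} continues to the
  # LiveView's mount, {:halt, socket} stops before mount is ever called.
  def on_mount(:ensure_authenticated, _params, session, socket) do
    case Map.get(@users, session["user_token"]) do
      nil -> {:halt, Map.put(socket, :redirected, "/users/log_in")}
      user -> {:cont, put_in(socket, [:assigns, :current_user], user)}
    end
  end
end

defmodule WrongLiveModel do
  # No auth code here: the hook has already assigned current_user.
  def mount(_params, _session, socket) do
    greeting = "Welcome, #{socket.assigns.current_user.email}"
    {:ok, put_in(socket, [:assigns, :message], greeting)}
  end
end

defmodule LiveSessionModel do
  # Models what live_session does for every route declared inside it:
  # run each {module, arg} hook in order, then call the view's mount.
  def run(hooks, view, params, session) do
    start = {:cont, %{assigns: %{}}}

    result =
      Enum.reduce_while(hooks, start, fn {mod, arg}, {:cont, socket} ->
        case mod.on_mount(arg, params, session, socket) do
          {:cont, next} -> {:cont, {:cont, next}}
          {:halt, next} -> {:halt, {:halt, next}}
        end
      end)

    case result do
      {:cont, socket} -> view.mount(params, session, socket)
      {:halt, socket} -> {:halted, socket}
    end
  end
end

hooks = [{UserAuthModel, :ensure_authenticated}]
# Valid session: hook assigns current_user, then mount runs.
IO.inspect(LiveSessionModel.run(hooks, WrongLiveModel, %{}, %{"user_token" => "valid-token"}))
# No token: hook halts with a redirect and mount is never reached.
IO.inspect(LiveSessionModel.run(hooks, WrongLiveModel, %{}, %{}))
```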