Expose a way that users can handle site auth

[bitspittle]

On traditional sites, the server can handle authentication. For context, see: https://ktor.io/docs/authentication.html

To get auth in ktor to work, you need to install authentication and then wrap various routes with "authentication" blocks.

However, Kobweb sets up the routes for you without giving the user access to them.

So the question is...

1. Is this still a relevant feature for something like Kobweb where you download the whole site at once and do mostly client-side navigation?

2. Would this be better handled using a Kobweb server plugin? Or by writing a kobwebx library that people can use to manage logged in states?

[bitspittle]

A possible approach for Kobweb server plugins would be to add a method that looks something like this:

fun wrapRoute(path: String, block: () -> Unit): (() -> Unit)?

By default, this would return null, but you might be able to add something like this:

return if (path.startsWith("/protected")) {
   return {
      basic_auth { content() }
   }
} else null

[bitspittle]

Meanwhile, a client-side implementation could look something like this:

@Page
@Auth
@Composable
fun AdminPage() { ... }

and would be interesting to tag a whole subdir as protected by auth as well.

Alternately, just a simple library function like:

@Page
@Composabe
fun AdminPage = requireAuth {

}

but that approach wouldn't make it trivial to tag a whole subdir as protected by auth.

[bitspittle]

It's possible that this feature would benefit from "Kobweb Spidering", the tentative name I have for separating server components apart (so that if you link inside your site to example.com/admin, it will forcefully download new content instead of navigating internally in the JS already pulled down)

[bitspittle]

Could be worth seeing how Android Compose apps handle auth