I am using Restivus on one application to make an API that will be consumed by another “client only” application in Meteor. So I have a log in page like this.
Template['Auth.login'].events({
'submit form#login-form': function (ev, template) {
HTTP.post('localhost:3000/api/v1/login', {
user: $(ev.target).find('input[name="email"]').val(),
password: $(ev.target).find('input[name="password"]').val()
}, function (error, response) {
if (!error) {
Session.set('headers', {
'X-Auth-Token': response['data']['authToken'],
'X-User-Id': response['data']['userId']
});
FlowRouter.go(Session.get('next') || '/dashboard');
}
});
}
});
Here’s the first problem: can I attach these headers to all subsequent HTTP calls implicitly? Eg, instead of using HTTP.get(‘url’, { headers: Session.get(‘headers’) }), just have it do it by default. kind of like an $http.interceptors in angular
Also, it seems every time a reload happens, my session is cleared. is this the right place to keep these headers? Am I using it wrong?
Finally, how do I know when my login token expires? It seems restivus uses Accounts._generateStampedLoginToken(). How can I extract when it expires and make a hook for when it expires? Eg, in pseudocode:
onTokenExpiration = function () {
FlowRouter.go('/login', {
message: "Your token expired"
});
}