A few questions pertaining to make a more HTTP dependent application


#1

I am using Restivus on one application to make an API that will be consumed by another “client only” application in Meteor. So I have a log in page like this.

Template['Auth.login'].events({
  'submit form#login-form': function (ev, template) {
    HTTP.post('localhost:3000/api/v1/login', {
      user: $(ev.target).find('input[name="email"]').val(),
      password: $(ev.target).find('input[name="password"]').val()
    }, function (error, response) {
      if (!error) {
        Session.set('headers', {
          'X-Auth-Token': response['data']['authToken'],
          'X-User-Id': response['data']['userId']
        });
        FlowRouter.go(Session.get('next') || '/dashboard');
      }
    });
  }
});

Here’s the first problem: can I attach these headers to all subsequent HTTP calls implicitly? Eg, instead of using HTTP.get(‘url’, { headers: Session.get(‘headers’) }), just have it do it by default. kind of like an $http.interceptors in angular

Also, it seems every time a reload happens, my session is cleared. is this the right place to keep these headers? Am I using it wrong?

Finally, how do I know when my login token expires? It seems restivus uses Accounts._generateStampedLoginToken(). How can I extract when it expires and make a hook for when it expires? Eg, in pseudocode:

onTokenExpiration = function () {
  FlowRouter.go('/login', {
    message: "Your token expired"
  });
}