bennadel/authenticated.cfm

## authenticated.cfm
<cfscript>

	// For the sake of simplicity, all the "logged-in" pages will be rendered as this
	// page, using the "v" value to differentiate.
	param name="url.v" type="string" default="home";

</cfscript>
<cfmodule template="./tags/page.cfm">
	<cfoutput>

		<h2>
			Page For #encodeForHtml( url.v.ucfirst() )#
		</h2>
		<p>
			<a href="authenticated.htm?v=home">Home</a> &mdash;
			<a href="authenticated.htm?v=activity">Activity</a> &mdash;
			<a href="authenticated.htm?v=profile">Profile</a> &mdash;
			<a href="oops.htm">Oops Page</a>
		</p>
		<p>
			This is the <strong>page content</strong> for
			<mark>[ #encodeForHtml( url.v )# ]</mark>.
		</p>

		<!---
			FRAME LEVEL page navigation options. These are all the same links; however,
			since they are defined inside a Turbo Frame, the are automatically scoped to
			the Turbo Frame instead of using a top-level navigation.
		--->
		<turbo-frame id="my-frame">
			<h3>
				Inside A Turbo Frame
			</h3>
			<p>
				<a href="authenticated.htm?v=home">Home</a> &mdash;
				<a href="authenticated.htm?v=activity">Activity</a> &mdash;
				<a href="authenticated.htm?v=profile">Profile</a> &mdash;
				<a href="oops.htm">Oops Page</a>
				( <a href="oops.htm?useStream=true">with Stream</a> )
			</p>
			<p>
				This is the <strong>frame content</strong> for
				<mark>[ #encodeForHtml( url.v )# ]</mark>.
			</p>
		</turbo-frame>

	</cfoutput>
</cfmodule>

## oops.cfm
<cfscript>

	// If the UNAUTHORIZED request is being made OUTSIDE OF ANY TURBO FRAME, then we can
	// simply redirect the user back to the login page, the same way that we might for any
	// other ColdFusion application using an authentication / authorization wall.
	if ( ! request.turbo.isFrame ) {

		location( url = "./index.htm", addToken = false );

	}

	// ------------------------------------------------------------------------------- //
	// ------------------------------------------------------------------------------- //

	// If the UNAUTHORIZED request is being made INSIDE A TURBO FRAME context, then
	// returning a redirect gets a bit tricky. The redirect will apply to the Turbo Frame
	// itself, not to the entire page. I'm not sure that there is a "right way" to do
	// this. For this demo, I'm going to return a static value (indicating the logged-out
	// state) with the option to also render a custom Turbo Stream element that performs
	// an automatic redirect.
	param name="url.useStream" type="boolean" default=false;

	header
		statusCode = 401
		statusText = "Unauthorized"
	;

</cfscript>
<cfoutput>
	<!--- Make sure to echo the correct frame ID. --->
	<turbo-frame id="#encodeForHtmlAttribute( request.turbo.frame )#">

		<p>
			You've been logged-out.
			<a href="./index.htm" data-turbo="false">Please login</a>
			to continue using the app.
		</p>

		<!---
			If the stream flag is enabled, this custom action will perform an automatic
			redirect of the top-level page.
		--->
		<cfif url.useStream>
			<turbo-stream
				action="visit"
				data-url="./index.htm">
			</turbo-stream>
		</cfif>

	</turbo-frame>
</cfoutput>
	<cfscript>

	// For the sake of simplicity, all the "logged-in" pages will be rendered as this
	// page, using the "v" value to differentiate.
	param name="url.v" type="string" default="home";

	</cfscript>
	<cfmodule template="./tags/page.cfm">
	<cfoutput>

	<h2>
	Page For #encodeForHtml( url.v.ucfirst() )#
	</h2>
	<p>
	<a href="authenticated.htm?v=home">Home</a> —
	<a href="authenticated.htm?v=activity">Activity</a> —
	<a href="authenticated.htm?v=profile">Profile</a> —
	<a href="oops.htm">Oops Page</a>
	</p>
	<p>
	This is the <strong>page content</strong> for
	<mark>[ #encodeForHtml( url.v )# ]</mark>.
	</p>

	<!---
	FRAME LEVEL page navigation options. These are all the same links; however,
	since they are defined inside a Turbo Frame, the are automatically scoped to
	the Turbo Frame instead of using a top-level navigation.
	--->
	<turbo-frame id="my-frame">
	<h3>
	Inside A Turbo Frame
	</h3>
	<p>
	<a href="authenticated.htm?v=home">Home</a> —
	<a href="authenticated.htm?v=activity">Activity</a> —
	<a href="authenticated.htm?v=profile">Profile</a> —
	<a href="oops.htm">Oops Page</a>
	( <a href="oops.htm?useStream=true">with Stream</a> )
	</p>
	<p>
	This is the <strong>frame content</strong> for
	<mark>[ #encodeForHtml( url.v )# ]</mark>.
	</p>
	</turbo-frame>

	</cfoutput>
	</cfmodule>
	<cfscript>

	// If the UNAUTHORIZED request is being made OUTSIDE OF ANY TURBO FRAME, then we can
	// simply redirect the user back to the login page, the same way that we might for any
	// other ColdFusion application using an authentication / authorization wall.
	if ( ! request.turbo.isFrame ) {

	location( url = "./index.htm", addToken = false );

	}

	// ------------------------------------------------------------------------------- //
	// ------------------------------------------------------------------------------- //

	// If the UNAUTHORIZED request is being made INSIDE A TURBO FRAME context, then
	// returning a redirect gets a bit tricky. The redirect will apply to the Turbo Frame
	// itself, not to the entire page. I'm not sure that there is a "right way" to do
	// this. For this demo, I'm going to return a static value (indicating the logged-out
	// state) with the option to also render a custom Turbo Stream element that performs
	// an automatic redirect.
	param name="url.useStream" type="boolean" default=false;

	header
	statusCode = 401
	statusText = "Unauthorized"
	;

	</cfscript>
	<cfoutput>
	<!--- Make sure to echo the correct frame ID. --->
	<turbo-frame id="#encodeForHtmlAttribute( request.turbo.frame )#">

	<p>
	You've been logged-out.
	<a href="./index.htm" data-turbo="false">Please login</a>
	to continue using the app.
	</p>

	<!---
	If the stream flag is enabled, this custom action will perform an automatic
	redirect of the top-level page.
	--->
	<cfif url.useStream>
	<turbo-stream
	action="visit"
	data-url="./index.htm">
	</turbo-stream>
	</cfif>

	</turbo-frame>
	</cfoutput>