Basically the application after a succefull login its saves a cookie that its checked if exist on every application request by hooks.server.ts. When you try to access private data through url, its automatically check if you have a token and if it grants you access to read it. This access control can be made by +page.server.ts for each page.
The first step to event.locals recognize user its to create a User type on ./src/lib/types.ts and register user type on ./src/app.d.ts
// ./src/app.d.ts
// See https://kit.svelte.dev/docs/types#app
// for information about these interfaces
// and what to do when importing types
declare namespace App {
// interface Error {}
interface Locals {
user: import('$lib/types').User | undefined;
}
// interf`ce PageData {}
// interface Platform {}
}This file will run when the application starts up. Inside the hooks.server.ts, handle function tries to get jwt cookie that its created when you successful log in ./src/pages/login/+page.svelte
import type { Handle } from '@sveltejs/kit';
export const handle: Handle = async ({ event, resolve }) => {
const jwt = event.cookies.get('jwt');
event.locals.user = jwt && JSON.parse(atob(jwt));
const response = await resolve(event);
return response;
};In this example profile its a protected route, to prevent unauthorized access the logic can be made like the example bellow:
export const load: PageServerLoad = ({ locals }) => {
if (!locals.user) throw redirect(302, '/login');
return {
user: locals.user
};
};username: a@a.com password: a
https://stackblitz.com/github/augustoedt123/sveltekit-authentication