What do you set as index page, if running your marketing site on the main domain via another platform but the app via Wappler?

Hey all,

We are going to be running our marketing site separate to Wappler built web-app. So the structure will be www.marketingsite.com and then Wappler will be app.marketingsite.com, for example.

We are building a SPA with Wappler- and when looking at the security aspects, @George recommends setting security restrict on index page - so I’m curious what everyone who is in the same scenario as us would put as the index page, just the login / sign up? or a main logged in page like /dashboard for example?

I would probably suggest the login/sign up page, and then redirecting to the main app if the user is already logged in.

Your index page should be the main/home page of your site/app. Use the security features to redirect to a login page if not logged in. Once logged in, they should be redirected to the index page.

The OP isn’t using Wappler for the marketing site. They are just using it for the app, so your solution doesn’t help.

So in your case, let’s say after login a user is normally taken to app.webapp.com/dashboard - you would put /dashboard as the index page and if they are not logged in redirect to /login ?

Thank you for this. So, I could use index as the login page, keep /signup separate and then if they try to access a secure page (still gotta figure out how to secure if someone just writes in the URL and doesn’t go via the index page) I just redirect to login?

I would have a (at least) two pages…first page (which can have many content pages inside if you like) would have no security. Another page, has security attached with all the app pages within.

Yes, or do what @mebeingken has suggested.

Hey Ken, thank you for replying.

I think I’m a little lost here, I know I’m created a SPA and using Node.js, and I have 3 layout’s, but I have 10+ views so far - so I don’t really follow what you mean by ‘all app pages within’ - would you mind explaining for the amateur in the room… me!

We’re all an amateur with something! Mine is node…haven’t had time to jump into that, but excited to do so.

So in my php world, I would have index.php as a page (by page I mean a head page) and it can be an SPA with a login content page inside of it using a route. If you have other pages requiring public access, they too can go in there. Then you have app.php which has security constraints, and routes to all the content pages of the app.

So I guess what I’m saying is, I’m not much help if you’re using node.

What is your purpose of going the SPA route? If you are using Node.js the templating system is much easier than creating and managing a SPA.

I’ve just read through a SPA article on here - I’d say I’m actually using Node.js and it’s templating system, and NOT a SPA - what I’ve done is the following:

3 Layouts (App Layout), Public Page Layout, Login/Sign Up page layout
Then all my content pages as ‘views’ and as I create the view page, I select the template (layout).

Looking at the SPA design, which uses ‘sections’ on a single page, i’d say I am in fact not creating a SPA.

Which is fine. I just thought I was… I need a face palm emoji.

So, this should be easier for me to secure each individual page? Just assign a security action to the app connect for the app layout page, or on each content page (view) ? My security action is: DB Connect > Security Provider > Security Restrict.

Subdomains(app and www) are managed via DNS so we can get that out of the equation.

app.yourdomain.com is where it all happens.

If you are using node model you will be using routing. Therefore the concept of an index page is kind of obsolete although it exists in node. As a curiosity deno(nodejs “successor”) eliminated the concept of index page.

If you want your dashboard to live in root ~/ you would secure that page and redirect to your login view if not allowed.

Thanks @JonL.

I think the reason why I thought I might be creating a SPA - is that when I view the security restrict documentation here: https://docs.wappler.io/t/security-restricting-access-to-your-page/2853 - I don’t have the option on the page to actually secure the page, so I know this is very basic stuff - but I’m getting a little tripped up with how to effectively secure my app pages, I can’t seem to get it to work whichever way I try!

For node that’s managed via routing now. You can attach a Server Connect to a route. In that SC you would create the access logic. So whenever someone hits that route the SC would execute and redirect to login if not authorized.

@JonL life saver, got this working now. Thank you.

Thank you everyone else, too for helping me out - especially helping me to discover i’m not actually building a SPA