Can I disable the web app or password protect the entire app?

Hello everyone,
I wanted to know how we can restrict access to the app.

By subscribing to Pro, we can have an Android APK without publishing it to the store. However, the web version is public by default.

Can I disable the web app by using some features like custom domains?
Or, can I password protect the entire app by using some components?

I really need to control access due to my company’s security policy.

Thanks in advance.

Hi @asi,
I usually protect the PWA by setting a boolean on the user. For example, you can set an action when visiting the screen and also a visibility condition on the most sensitive components to add an extra layer of security.

I am dealing with an app that has bank accounts and invoices and I have the same security issue.

As an example, if the user is not marked as logged-in, they are then redirected to a 404 screen.

There was also another suggestion, by @Victor I believe, of checking if the email existed. I can’t remember in which topic now; I need to check, or he can give more details.

Hi @JL_LJ,
Thank you for your kind help.

The following steps came to my mind for protecting the entire app:

  • Remove the sign-up page to prevent uninvited guests from signing up to the app.
  • Mark all known users as logged-in by setting Logged-in = true as a new property in the Users database.
  • Make all pages have a Link action to the log-in page.
  • Make the action happen if Logged In User > Logged-in is false.

If it works as expected:

  • An uninvited guest tries to enter the app.
  • The page tries to get a Logged-in property of the guest.
  • The page judges Logged-in = false for the guest because the guest is not even in the Users database.
  • The Link action of the page redirects the guest to the log-in page.

If my understanding is correct:

  • The point is, pages can identify whether a visitor is a known user or an uninvited guest just by trying to get a Logged-in property.
  • This identification may be accomplished by trying to get an E-mail property and checking whether it contains “@”. However, it leads to unwanted redirection of users without an E-mail property. That’s why we need to add a Logged-in property with the same value “true” for all users.

Please confirm if my understanding is correct.
Thanks.
