Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/dreancaste/TriviaPP/llms.txt

Use this file to discover all available pages before exploring further.

AuthGuard is an Angular route guard that sits in front of every protected feature in TriviaPP. Before Angular renders a guarded page, the guard asynchronously checks whether the current device session contains a valid AWS Amplify authenticated user. If a session is found the navigation proceeds normally. If not, the guard cancels the navigation and redirects the player to /login. This prevents unauthenticated access to the trivia game, leaderboard, match history, and player profile without requiring any manual token inspection in individual components.

How It Works

AuthGuard implements Angular’s CanActivate interface and is provided in the root injector, making it available to any route in the application without additional module imports. When Angular evaluates a route that declares canActivate: [AuthGuard], it calls canActivate() before resolving the component. The method delegates to AuthService.getCurrentUser(), which internally wraps Amplify’s getCurrentUser() function. If the call resolves with a user object the guard returns true and Angular proceeds with the navigation. If the call resolves with null — or throws because no active Cognito session exists — the guard calls this.router.navigate(['/login']) and returns false, aborting the intended navigation. 
@Injectable({
  providedIn: 'root'
})
export class AuthGuard implements CanActivate {
  constructor(
    private authService: AuthService,
    private router: Router
  ) {}

  async canActivate(): Promise<boolean> {
    const user = await this.authService.getCurrentUser();

    if (user) {
      return true;
    }

    this.router.navigate(['/login']);
    return false;
  }
}

Protected Routes

The following routes declare canActivate: [AuthGuard] in app-routing.module.ts and require an authenticated Amplify session to load:
PathModule
homeHomePageModule
profileProfilePageModule
triviaTriviaPageModule
rankingRankingPageModule
historyHistoryPageModule

Unprotected Routes

The following routes have no canActivate guard and are accessible to any user regardless of authentication state:
PathReason
loginSign-in entry point — must be reachable when logged out.
registerNew account creation — must be reachable before any session exists.
wikiPublic Star Wars encyclopedia — intentionally open for unauthenticated browsing.
wiki/charactersWiki child route — inherits the public status of its parent.
wiki/filmsWiki child route — inherits the public status of its parent.
wiki/planetsWiki child route — inherits the public status of its parent.
wiki/detail/:type/:idWiki child route — inherits the public status of its parent.

Session Persistence

AuthService.getCurrentUser() calls Amplify’s getCurrentUser() under the hood. Amplify manages the Cognito session tokens (access token, ID token, refresh token) automatically in device storage. When the app is reopened after a previous login, Amplify silently restores the session from storage and getCurrentUser() resolves with the existing user — so players are not prompted to log in again after closing and relaunching the app.
If a Cognito token expires and cannot be refreshed (for example, if the refresh token has also expired or the user has been disabled in the user pool), getCurrentUser() will reject and the guard will redirect to /login. This is expected behaviour and ensures stale sessions cannot access protected data.
No manual JWT parsing, token storage, or expiry checking is required in application code. The guard trusts Amplify’s session resolution entirely.
For instructions on configuring AWS Amplify and the Cognito user pool that backs this guard, see the AWS Amplify Auth configuration guide.

Build docs developers (and LLMs) love

Get started for freeTalk to us