Answer the question
In order to leave comments, you need to log in
W
W
whiteleaf2017-10-16 16:41:26
whiteleaf, 2017-10-16 16:41:26
Am I logging in correctly?
I'm trying to make an authorization where access is supposed to be only for registered users.
I would like to hear the opinion of professionals. Am I doing it right, or is there something fundamentally wrong with it?
I'm using express-session and I'm using Mongodb as session storage.
Next, I have a line in the code that redirects all, except api, requests to the index.html page, where Angular already takes over the work.
Is this the correct approach or not?
Looking forward to comments and advice!
server.js
// Get dependencies
const express = require('express');
const path = require('path');
const http = require('http');
const bodyParser = require('body-parser');
const session = require('express-session');
const MongoDBStore = require('connect-mongodb-session')(session);
// Get our API routes
const api = require('./server/routes/api');
const app = express();
var store = new MongoDBStore(
{
uri: 'mongodb://localhost:27017/buildcore',
collection: 'sessions'
});
// Catch errors
store.on('error', function(error) {
assert.ifError(error);
assert.ok(false);
});
app.use(require('express-session')({
secret: 'This is a secret',
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
},
store: store,
// Boilerplate options, see:
// * https://www.npmjs.com/package/express-session#resave
// * https://www.npmjs.com/package/express-session#saveuninitialized
resave: true,
saveUninitialized: true
}));
// Parsers for POST data
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
// Point static path to dist
app.use(express.static(path.join(__dirname, 'dist')));
app.use(express.static(path.join(__dirname, 'views')));
// Set our api routes
app.use('/api', api);
var user;
function isAuthenticated(req, res, next) {
user = res.session;
console.log(user);
//if()
// do any checks you want to in here
// CHECK THE USER STORED IN SESSION FOR A CUSTOM VARIABLE
// you can do this however you want with whatever variables you set up
if (req.user.authenticated)
return next();
// IF A USER ISN'T LOGGED IN, THEN REDIRECT THEM SOMEWHERE
res.redirect('/login');
//res.redirect('/login').sendFile(path.join(__dirname, 'dist/login.html'));
}
// Catch all other routes and return the index file
app.get('*', isAuthenticated, (req, res) => {
res.sendFile(path.join(__dirname, 'dist/index.html'));
});
/**
* Get port from environment and store in Express.
*/
const port = process.env.PORT || '3000';
app.set('port', port);
/**
* Create HTTP server.
*/
const server = http.createServer(app);
/**
* Listen on provided port, on all network interfaces.
*/
server.listen(port, () => console.log(`API running on localhost:${port}`));api.js
const express = require('express');
const router = express.Router();
/* GET api listing. */
router.get('/', (req, res) => {
res.send('api works');
});
module.exports = router; 1 answer(s)
@Abcdefgk
A
Abcdefgk, 2017-10-16 @Abcdefgk
Listen, Kogan in his old screencast about node.js on learn.javascript.ru introduces people to Noda, including using the example of making local authorization - just find the screencast, study it and do the same. (and so as not to get up twice - thanks, after all, to him for the best JavaScript tutorial in the world)
Similar questions
K
R
I
K
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question