Angular
whiteleaf, 2017-10-16 16:41:26

Am I logging in correctly?

I'm trying to make an authorization where access is supposed to be only for registered users.
I would like to hear the opinion of professionals. Am I doing it right, or is there something fundamentally wrong with it?
I'm using express-session and I'm using Mongodb as session storage.
Next, I have a line in the code that redirects all, except api, requests to the index.html page, where Angular already takes over the work.
Is this the correct approach or not?
Looking forward to comments and advice!
server.js

// Get dependencies
const express = require('express');
const path = require('path');
const http = require('http');
const assert = require('assert'); // used by the store error handler below
const bodyParser = require('body-parser');
const session = require('express-session');
const MongoDBStore = require('connect-mongodb-session')(session);

// Get our API routes
const api = require('./server/routes/api');

const app = express();

var store = new MongoDBStore(
  {
    uri: 'mongodb://localhost:27017/buildcore',
    collection: 'sessions'
  });

// Catch errors
store.on('error', function(error) {
  assert.ifError(error);
  assert.ok(false);
});

app.use(session({
  // Placeholder value: the real secret should come from configuration, not source code
  secret: 'This is a secret',
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
  },
  store: store,
  // Boilerplate options, see:
  // * https://www.npmjs.com/package/express-session#resave
  // * https://www.npmjs.com/package/express-session#saveuninitialized
  resave: true,
  saveUninitialized: true
}));

// Parsers for POST data
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

// Point static path to dist
app.use(express.static(path.join(__dirname, 'dist')));
app.use(express.static(path.join(__dirname, 'views')));

// Set our api routes
app.use('/api', api);

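function isAuthenticated(req, res, next) {

  // The session is attached to the request, not the response.
  // Keep it in a local variable: a module-level one is shared by all requests.
  const user = req.session;
  console.log(user);
  //if()

  // do any checks you want to in here

  // The login page itself must stay reachable, otherwise the redirect below loops
  if (req.path === '/login')
    return next();

  // CHECK THE USER STORED IN SESSION FOR A CUSTOM VARIABLE
  // you can do this however you want with whatever variables you set up
  if (user && user.authenticated)
    return next();

  // IF A USER ISN'T LOGGED IN, THEN REDIRECT THEM SOMEWHERE
  res.redirect('/login');
  //res.redirect('/login').sendFile(path.join(__dirname, 'dist/login.html'));
}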

// Catch all other routes and return the index file
app.get('*', isAuthenticated, (req, res) => {
  res.sendFile(path.join(__dirname, 'dist/index.html'));
});

/**
 * Get port from environment and store in Express.
 */
const port = process.env.PORT || '3000';
app.set('port', port);

/**
 * Create HTTP server.
 */
const server = http.createServer(app);

/**
 * Listen on provided port, on all network interfaces.
 */
server.listen(port, () => console.log(`API running on localhost:${port}`));

api.js
const express = require('express');
const router = express.Router();

/* GET api listing. */
router.get('/', (req, res) => {
  res.send('api works');
});



module.exports = router;


1 answer(s)
Abcdefgk, 2017-10-16
@Abcdefgk

Listen, Kogan in his old screencast about node.js on learn.javascript.ru introduces people to Node, including using the example of making local authorization - just find the screencast, study it and do the same. (and so as not to get up twice - thanks, after all, to him for the best JavaScript tutorial in the world)
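
An added example, not part of the original thread: the session settings and guards that the question's server.js is reaching for, written as plain Express-style functions so they can be exercised with stub objects. The point it shows is that the `/api` routes are what need the guard, because the Angular bundle itself is only static files. The `userId` session field, the `SESSION_SECRET` variable, `sendIndex` and the function names are assumptions.

```javascript
// Options for express-session: secret taken from the environment, no stored
// session for anonymous visitors, cookie not readable from page scripts.
function sessionOptions(env = process.env, store) {
  if (!env.SESSION_SECRET) throw new Error('SESSION_SECRET is not set');
  return {
    secret: env.SESSION_SECRET,
    store,
    resave: false,
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      sameSite: 'lax',
      secure: env.NODE_ENV === 'production',
      maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week, as in the question
    }
  };
}

// Guard for /api: the data is what needs protecting, so answer 401 as JSON
// and let the Angular client switch to its login view.
function requireLogin(req, res, next) {
  if (req.session && req.session.userId) return next();
  res.status(401).json({ error: 'authentication required' });
}

// Guard for page requests: public paths pass, everything else is redirected.
const PUBLIC_PATHS = new Set(['/login']);
function gatePage(req, res, next) {
  if (PUBLIC_PATHS.has(req.path)) return next();
  if (req.session && req.session.userId) return next();
  res.redirect('/login');
}

// Call after the credentials have been verified: issue a fresh session id
// before storing the user, so an id planted before login is useless afterwards.
function establishSession(req, userId, done) {
  req.session.regenerate((err) => {
    if (err) return done(err);
    req.session.userId = userId;
    done(null);
  });
}

// Wiring (assumes the question's app, session, store and api objects):
//   app.use(session(sessionOptions(process.env, store)));
//   app.use('/api', requireLogin, api);  // mount the login endpoint before this guard
//   app.get('*', gatePage, sendIndex);   // sendIndex: hypothetical handler sending dist/index.html
```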
