NodeJS + Express: How to secure a URL
I am using latest versions of NodeJS and ExpressJS (for MVC).
I usually configure my rest paths like this, for example:
app.get(\'/archive\', routes.arch
-
A even simpler approach would be to add the following code in the App.js file.
var auth = function(req, res, next) { if(isAdmin) { return next(); } else { return res.status(400) } }; app.use('/admin', auth, apiDecrement);As you can see the middleware is being attached to the route. Before ExpressJS goes forward, it executes the function that you passed as the second parameter.
With this solution you can make different checks before displaying the site to the end user.
Best.
讨论(0) -
Yep, middleware is exactly what you want. A middleware function is just a function that works just like any other Express route handler, expept it gets run before your actual route handler. You could, for example, do something like this:
function requireLogin(req, res, next) { if (req.session.loggedIn) { next(); // allow the next route to run } else { // require the user to log in res.redirect("/login"); // or render a form, etc. } } // Automatically apply the `requireLogin` middleware to all // routes starting with `/admin` app.all("/admin/*", requireLogin, function(req, res, next) { next(); // if the middleware allowed us to get here, // just move on to the next route handler }); app.get("/admin/posts", function(req, res) { // if we got here, the `app.all` call above has already // ensured that the user is logged in });You could specify
requireLoginas a middleware to each of the routes you want to be protected, instead of using theapp.allcall with/admin/*, but doing it the way I show here ensures that you can't accidentally forget to add it to any page that starts with/admin.讨论(0) -
Like brandon, but you can also go the
connectrouteapp.use('/admin', requireLogin) app.use(app.router) app.get('/admin/posts', /* middleware */)讨论(0)
加载中...
- 热议问题