1

I've seen many examples of how to add an authentication middleware to certain routes that need to be restricted to logged-in users (implying that the default is to allow anyone to access pages), but I can't tell how to make all routes by default require being logged-in, and selectively choose certain routes among those that should be available to anonymous users.

Any ways to make it work like this? I'm using Express 4.

user779159

1 Answer

0

I would use https://github.com/expressjs/session. Once the user is authenticated, you can check for valid sessions in the controller that handles the Express route.

Updated Answer

This is how I would check that the user is logged in:

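```javascript
/**
 * Module dependencies
 */

var express = require('express'),
  http = require('http'),
  session = require('express-session'),
  app = module.exports = express();

/**
 * Configuration
 */

// all environments
app.set('port', process.env.PORT || 3000);
app.set('trust proxy', 1);
app.use(session({
  // Sample secret: load a real one from configuration outside of a demo
  secret: 'keyboard cat',
  resave: false,
  // Every visitor gets a session object, so its existence proves nothing
  saveUninitialized: true,
  cookie: {
    // The cookie is only sent over HTTPS; it will not come back over
    // plain http://localhost
    secure: true
  }
}));

/**
 * req.session exists on every request once express-session is mounted,
 * so test a value that is only stored at login. `userId` is an assumed
 * key that the login handler (not shown) would set on the session.
 */
function checkUserLoggedIn(req, res, next) {
  return Boolean(req.session && req.session.userId);
}

/**
 * Routes to control by default is logged in with a regular expression
 */
app.get('/user/:use_id/*', function (req, res, next) {
  if (checkUserLoggedIn(req)) {
    console.log('User logged');
    next();
  } else {
    console.log('error');
    // Answer the request instead of leaving it hanging
    res.sendStatus(401);
  }
});

/**
 * User Home
 */
app.get('/user/:use_id/home/', function (req, res, next) {
  if (checkUserLoggedIn(req)) {
    console.log('User logged goes to home');
    res.send('User home');
  } else {
    console.log('error');
    res.sendStatus(401);
  }
});

/**
 * Guest dashboard, no login required
 */
app.get('/guest/dashboard', function (req, res, next) {
  console.log('This is guest dashboard');
  res.send('This is guest dashboard');
});

/**
 * Guest home, no login required
 */
app.get('/guest/home', function (req, res, next) {
  console.log('This is guest home');
  res.send('This is guest home');
});

/**
 * Start Server
 */
http.createServer(app).listen(app.get('port'), function () {
  console.log('Express server listening on port ' + app.get('port'));
});
```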

Then run

$ node app.js

Go to browser and access http://localhost:3000/home

The regular expression you defined to control '/*' catches all the default routing and then goes on to the next route that matches, that's /home.

This is one way to do it; maybe there is a better and clearer way to fit the issue. In the regular expression you control what you mean by default routes, and then each particular case.

juan garcia
  • Seems this case is similar to this: http://stackoverflow.com/questions/18739725/how-to-know-if-user-is-logged-in-with-passport-js At the end you don't need cujojs/meld as it is explained in this related issue. – juan garcia Nov 01 '15 at 19:57
  • But this middleware you've written is put on routes that need to be protected right? I'm asking about making the default to require all routes to be protected and only make exceptions for the ones that don't need protection. – user779159 Nov 01 '15 at 21:13
  • I added some sample code, you can control default for all routes, you can define your own default criteria with reg exp. The control for session is very simple, but you can just put the criteria you want in that case too. – juan garcia Nov 01 '15 at 22:12
  • Thanks, so if you wanted to add some additional routes to your example that can be accessed by non-logged in users, how would you do it? The only way I can think of would be that the `/*` route pattern would need to specifically exclude each unprotected route from its pattern, which seems quite tedious. – user779159 Nov 02 '15 at 05:53
  • You are right, it will be quite tedious to have routes that include and exclude certain services, and it is also bad for the client consuming them. I think it will be a good option to provide a certain way to differentiate both cases. /user/:user_id/* will match everything for user, and those services you will read as "Service home for user of a certain id". /guest/* will match everything for user, and those services you will read as "Services for guest for certain things." Hope it helps; if you find a better way, please share it. – juan garcia Nov 02 '15 at 12:01
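
The default-deny arrangement the question asks about, as an added example that is not part of the original question, answer or comments: one middleware mounted ahead of every route rejects anonymous requests unless the method and path are on an explicit public list. `PUBLIC_ROUTES`, `isPublic`, `requireLoginByDefault`, `simulate` and the `userId` session key are hypothetical names, and the route list is constructed sample data.

```javascript
// Added example (not from the thread): default-deny login gate for Express 4.
// All names here and the `userId` session key are assumptions.
const PUBLIC_ROUTES = [ // constructed sample allowlist
  { method: 'GET', path: '/' },
  { method: 'GET', path: '/login' },
  { method: 'POST', path: '/login' },
  { method: 'GET', prefix: '/guest/' }, // everything under /guest/
];

// Compare the way Express 4 routes by default: case-insensitive, optional
// trailing slash. A mismatch here fails closed (401), never open.
function isPublic(method, path, routes) {
  const p = path.toLowerCase().replace(/\/+$/, '') || '/';
  return routes.some(function (r) {
    if (r.method !== method) return false;
    return r.path ? r.path === p : (p + '/').startsWith(r.prefix);
  });
}

// Mount once, after the session middleware and before every route:
//   app.use(requireLoginByDefault(PUBLIC_ROUTES));
function requireLoginByDefault(routes) {
  return function (req, res, next) {
    if (isPublic(req.method, req.path, routes)) return next();
    // The session object always exists; only a value stored at login counts.
    if (req.session && req.session.userId) return next();
    res.status(401).send('Login required');
  };
}

// Offline check with mock req/res objects. Returns the resulting status,
// with 200 standing in for "the request reached its route handler".
function simulate(method, path, session) {
  let status = null;
  const res = {
    status(code) { status = code; return this; },
    send() { return this; },
  };
  const req = { method: method, path: path, session: session };
  requireLoginByDefault(PUBLIC_ROUTES)(req, res, function () { status = 200; });
  return status;
}

console.log(simulate('GET', '/guest/home', {}));             // public prefix
console.log(simulate('GET', '/user/7/home', {}));            // anonymous
console.log(simulate('GET', '/user/7/home', { userId: 7 })); // logged in
```

A route that is added later and never listed stays protected, and a method that is not listed for a path (such as `POST` under `/guest/`) is rejected for anonymous users.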