
I am writing a 'todolist' web application. In my server-side code (Node.js) I use the passport middleware to allow a user to log in with Facebook. Some of my server-side code:

    var passport = require('passport')
      , FacebookStrategy = require('passport-facebook').Strategy;

    passport.use(new FacebookStrategy({
        clientID: '5669xxxxxxxxxx',
        clientSecret: '555022xxxxxxxxxxxxxxxxx',
        callbackURL: 'http://www.localhost:3000/Todolistpage.html'
      },
      function(accessToken, refreshToken, profile, done) {
        User.findOrCreate(..., function(err, user) {
          if (err) { return done(err); }
          done(null, user);
        });
      }
    ));

    // Authentication
    app.get('/auth/facebook', passport.authenticate('facebook'));

    app.get('/auth/facebook/Todolistpage.html',
      passport.authenticate('facebook', { successRedirect: '/Todolistpage.html',
                                          failureRedirect: '/' }));

1) I don't know what the "User.findOrCreate(.." part does, which is used in the passport documentation for Facebook here.

2) My homepage is at localhost:3000/ and the page providing the app is at localhost:3000/Todolistpage. I also use the Express middleware, and Todolistpage.html is a file in my client-side folder.

So how do I prevent someone from just plugging in localhost:3000/Todolistpage.html and getting access to it when they are not logged in? Btw, logging in from the homepage with Fb works fine and redirects one to localhost:3000/Todolistpage.html.

Any answers appreciated.

Zimbabaluba

For your first question, have a look at this post: http://stackoverflow.com/questions/20431049/what-is-function-user-findorcreate-doing-and-when-is-it-called-in-passport – nbro Jan 11 '16 at 19:13

Answer #2 can be found in this post: http://stackoverflow.com/questions/9213707/express-resources-with-authentication-middleware – Jean.R Aug 02 '16 at 08:42
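
One way to do what the second question asks, as an added example that is not part of the original post or its comments: a default-deny login guard placed ahead of the static-file handler, so a direct request for /Todolistpage.html is redirected unless Passport reports a logged-in session. The `isPublic` allowlist, `fakeStatic` (a stand-in for `express.static`) and the `run` helper are assumptions introduced so the effect of middleware ordering can be exercised without a server.

```javascript
// Added example (not the asker's code): a default-deny login guard in the
// Connect/Express middleware shape (req, res, next). No dependencies.

// Assumption: only the homepage and the /auth/ routes are reachable logged out.
function isPublic(path) {
  return path === '/' || path.startsWith('/auth/');
}

// Passport adds req.isAuthenticated() to each request; it returns true only
// when the session holds a logged-in user.
function ensureAuthenticated(req, res, next) {
  if (isPublic(req.path)) return next();
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  res.redirect('/'); // same target as failureRedirect in the question
}

// Hypothetical stand-in for express.static: serves whatever file is asked for.
const FILES = new Set(['/', '/Todolistpage.html']);
function fakeStatic(req, res, next) {
  if (FILES.has(req.path)) return res.send('file:' + req.path);
  next();
}

// Hypothetical helper: runs a middleware chain against a constructed request
// so the effect of ordering can be checked without starting a server.
function run(chain, path, loggedIn) {
  const result = { status: 404, body: null, location: null };
  const req = { path, isAuthenticated: () => loggedIn };
  const res = {
    send(body) { result.status = 200; result.body = body; },
    redirect(to) { result.status = 302; result.location = to; },
  };
  let i = 0;
  const next = () => { const mw = chain[i++]; if (mw) mw(req, res, next); };
  next();
  return result;
}

const guardFirst = [ensureAuthenticated, fakeStatic]; // guard sees every request
const staticFirst = [fakeStatic, ensureAuthenticated]; // file is sent before the guard runs
```

In an Express app the same ordering is `app.use(ensureAuthenticated)` registered after `passport.session()` and before `app.use(express.static(...))`. Any stylesheet or script the logged-out homepage needs would have to be added to `isPublic`.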

0 Answers