0

I'm working on a node-red project with uibuilder node. It's basically [html, css, js(with vue)] pages.

I want to make the login authorization part where each user opens the allowed pages only.

How can I achieve that? by tokens? by permitting direct access to pages using URL?

P.S. I'm new to this part of web and I tried searching but couldn't find what I need.

wohlstad
  • 12,661
  • 10
  • 26
  • 39
Verina
  • 11
  • 3
  • IMHO the best/simplest way to do this kind of stuff is backend authentication. Save any unique hash on user login, then ask (on backend side) on every page if you have said token and if so, allow access. – Kajbo Nov 24 '20 at 15:05

1 Answers1

0

I searched a lot, all was dead-end until I found this question Detect if page was redirected or loaded directly(Javascript)

Instead of getting into trouble with tokens, and checking at each page if it is valid or not.

I permitted accessing any page (except the login) by the URL. If you want to access a page, it's only by redirecting.

I achieved that by checking a variable at page loading if the page has history or not. if no history, it is redirected to the login page. I added this part to my vue-js file:

window.onload = function() {
        if(document.referrer == "") window.location.href = "http://localhost:1880/Login/login.html";
}

P.S. If all the Internet said preventing accessing by URL is impossible, Don't be disappointed. Search more, because it's actually possible.

Verina
  • 11
  • 3
  • So if I want to hack your site all I need to do is write `window.location.href = ...` in order to get access to any page on your site? Does not seem like the best solution. – Kajbo Nov 24 '20 at 15:03
  • 1
    [Can I rely on Referer HTTP header?](https://stackoverflow.com/questions/8319862/can-i-rely-on-referer-http-header) – kmoser Nov 24 '20 at 15:18