[英]Passport Facebook authentication for website users plus local authentication for admin
I am creating a website with node and express framework in back end, and angular in front end. 我正在创建一个网站,其中的节点和表达框架位于后端,而前端则呈角度。 I am using passport for authentication. 我正在使用护照进行身份验证。 The users of my website can login or signup using only their Facebook ID this is working so far. 我的网站的用户只能使用其Facebook ID登录或注册,到目前为止,该ID仍然有效。 Now I have to create an admin login. 现在,我必须创建一个管理员登录名。 The steps I am going to follow are- 我要遵循的步骤是-
1] Create a separate route which has some secret string at end to get to login page. 1]创建一个单独的路由,该路由的末尾有一些秘密字符串可以进入登录页面。 like localhost:8080/p08jnl
像localhost:8080/p08jnl
2] When on this page I have username and password input, where the admin enter the credentials, and would use passport local authentication for this. 2]在此页面上时,我输入用户名和密码,管理员在其中输入凭据,并为此使用护照本地身份验证 。
3] The admin routes can be accessed only after login from the admin portal, I will define a middleware isAuthenticated()
on those routes. 3]只有从管理门户登录后才能访问管理路由,我将在这些路由上定义一个中间件isAuthenticated()
。
The thing I am concerned about is, for the routes for users I had defined an isAuthenticated()
function so that only authenticated users can access those routes. 我担心的是,对于用户的路由,我已经定义了isAuthenticated()
函数,以便只有经过身份验证的用户才能访问这些路由。
Would any authenticated user be able to access the routes for admin? 任何经过身份验证的用户都可以访问管理员的路由吗?
more details on my authentication- when my website's URL is called 有关身份验证的更多详细信息-调用我的网站的URL时
'localhost:8080'
I send a page which has the Facebook authentication button on it, no angular web app is sent, when user authenticates via Facebook, then the client angular web app is sent. 我发送了一个上面带有Facebook身份验证按钮的页面,没有发送角度Web应用程序,当用户通过Facebook进行身份验证时,则发送了客户端角度Web应用程序。
I am planning to send a page ,when the admin URL is called, with username and password input fields .After successful login, the admin angular web app would be sent. 我计划发送一个页面,当调用管理URL时,请输入用户名和密码输入字段。成功登录后,将发送管理角度的Web应用程序。
Would any authenticated user be able to access the routes for admin? 任何经过身份验证的用户都可以访问管理员的路由吗?
Simply create another middleware called isAdmin , which checks if that user is an administrator. 只需创建另一个名为isAdmin的中间件,即可检查该用户是否是管理员。 Then Place the isAdmin middleware before any /admin routes (or /p08jnl routes in your case). 然后将isAdmin中间件放在任何/ admin路由(或您的情况下的/ p08jnl路由)之前。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.