针对网站用户的Passport Facebook身份验证以及针对管理员的本地身份验证

Question

I am creating a website with node and express framework in back end, and angular in front end. I am using passport for authentication. The users of my website can login or signup using only their Facebook ID this is working so far. Now I have to create an admin login. The steps I am going to follow are-

1] Create a separate route which has some secret string at end to get to login page. like localhost:8080/p08jnl

2] When on this page I have username and password input, where the admin enter the credentials, and would use passport local authentication for this.

3] The admin routes can be accessed only after login from the admin portal, I will define a middleware isAuthenticated() on those routes.

The thing I am concerned about is, for the routes for users I had defined an isAuthenticated() function so that only authenticated users can access those routes.

Would any authenticated user be able to access the routes for admin?

more details on my authentication- when my website's URL is called

'localhost:8080'

I send a page which has the Facebook authentication button on it, no angular web app is sent, when user authenticates via Facebook, then the client angular web app is sent.

I am planning to send a page ,when the admin URL is called, with username and password input fields .After successful login, the admin angular web app would be sent.

Answer 1

Would any authenticated user be able to access the routes for admin?

Simply create another middleware called isAdmin , which checks if that user is an administrator. Then Place the isAdmin middleware before any /admin routes (or /p08jnl routes in your case).