stackoom
  简体   繁体   中英

Securing a specific route node.js

 原文  2016-06-08 18:26:23       javascript/ node.js

Question

Hey I'm using basic auth for Node.JS to secure a route. I'm pretty new to Node.JS and don't understand what the next function does in this case. What I'm trying to do is to secure a the route: /admin/

Note: This is a project for learning purposes so the login part is not too serious and won't be used live.

authentication.js 

var basicAuth = require('basic-auth');

exports.BasicAuthentication = function(request, response, next) {

    function unauthorized(response) {
        response.set('WWW-Authenticate', 'Basic realm=Authorization Required');
        return response.send(401);
    };

    var user = basicAuth(request);

    if (!user || !user.name || !user.pass) {
        return unauthorized(response);
    };

    if (user.name === 'name' && user.pass === 'pass') {
        return next();
    } else {
        return unauthorized(response);
    };

};

and app.js where I imported the module authentication: 

app.get('/admin/', authentication.BasicAuthentication, function(req, res){
    console.log("hi u need to login");
});

So what I want to do is to route the user further if the authentication goes through.

Thanks in advance!

2 answers

solution1
 2 ACCPTED  2016-06-08 18:30:18

Try: 

app.get('/admin/', authentication.BasicAuthentication);
app.get('/admin/', function(req, res) {});

solution2
 1  2016-06-08 18:47:08

This function is known as a middleware: 

var basicAuth = require('basic-auth');

exports.BasicAuthentication = function(request, response, next) {

    function unauthorized(response) {
        response.set('WWW-Authenticate', 'Basic realm=Authorization Required');
        return response.send(401);
    };

    var user = basicAuth(request);

    if (!user || !user.name || !user.pass) {
        return unauthorized(response);
    };

    if (user.name === 'name' && user.pass === 'pass') {
        return next();
    } else {
        return unauthorized(response);
    };

};

middleware is a function that you can define for various purposes:

  1. using middleware
  2. writing a middleware

In a simple way is a function that runs before performing another action, one general purpose is to protect certain routes for unauthorized access.

You can protect private routes calling then authentication.BasicAuthentication before function(req, res) {}

Some example: 

app.get('/user-profile/', authentication.BasicAuthentication, function(req, res){
    //private info
});

app.get('/foo/', function(req, res){
    //public info
});

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Securing Node.JS APIs Node.JS Express Route results in 404 Only For a Specific Route How to expect a specific word after a route parameter in Node.js? route is not working in node.js Node.js route inheritance Securing user defined javascript function to protect node.js server Securing my Node.js app's REST API? Node.js knex - Securing the password used for logging into database Node.js: Using Socket.io in an express.js route to send message to a specific client Node.js minimal function for parsing route
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM