
How can we implement an admin panel in nodeJS with express?

I am making a Portfolio application with nodeJS and express. I want to implement an admin panel in which I can create, delete, update and edit my skills, experience, about etc., but I don't know how I can keep those admin routes secret and what kind of authentication to make. If we can do it by putting Basic authentication on the post, patch and delete routes, then how will we implement basic authentication on routes?

index.js

const express = require('express');
const cors = require('cors');
const app = express();

require('./db/mongoose'); // connects to MongoDB as a side effect
const menuRouter = require('./routers/menu');
const skillRouter = require('./routers/skill');
const aboutRouter = require('./routers/About');
const experienceRouter = require('./routers/Experience');
const resumeRouter = require('./routers/Resume');
const userRouter = require('./routers/user');
const port = process.env.PORT || 4000;

app.use(express.json());
app.use(cors());

// Every router is mounted at the root with no middleware in front of it,
// so all of these routes (including POST/PATCH/DELETE) are public as written.
app.use(menuRouter);
app.use(skillRouter);
app.use(aboutRouter);
app.use(experienceRouter);
app.use(resumeRouter);
app.use(userRouter);

app.listen(port, () => {
    console.log('Server is running on port ' + port);
});

skill.js

const express = require('express');
const Skill = require('../model/skill');
const router = new express.Router();

// Create a skill. Anyone can call this until an auth middleware is put in front of it.
router.post('/skill', async (req, res) => {
    const skill = new Skill(req.body);

    try {
        await skill.save();
        res.status(201).send(skill);
    } catch (e) {
        console.log(e);
        res.status(400).send(e);
    }
});

// List all skills. A successful read answers 200; 201 (Created) only belongs on the POST.
router.get('/skill', async (req, res) => {
    try {
        const skill = await Skill.find({});
        res.status(200).send(skill);
    } catch (e) {
        res.status(400).send(e);
    }
});

module.exports = router;

As specified in the comments, I would refactor your code a bit; it seems messy and you're kind of repeating yourself on every line you import a route, so you should do that better as well...

Have an index.js file in your /routers folder with the content of the demo repo I've made for another StackOverflow question.

Then, to separate things, I would do something like:

const routes = require('./routes')
...
const protectRouteWithApiKey = (req, res, next) => {
    const auth = req.headers['x-apikey']
    if (auth && auth === '<YOUR API KEY>') return next()
    return next(new Error('403 | Authorization is missing or value is wrong'))
}
...
app.use('/api', protectRouteWithApiKey, routes) // point to your routes and protect access
app.use('/', defaultEngine) // your engine to render html

You would then have protected routes under /api/* and normal routes for everything else.

A middleware where you detect if the logged-in user is the admin?

This sample checks by the email; you can save adminemail as a global variable.

// Route guard in the style of Passport helpers (req.isAuthenticated() is the
// Passport API). `adminemail` must be defined elsewhere before this runs.
module.exports = {
  ensureAdmin: function(req, res, next) {
    if (req.isAuthenticated()) {
      if (req.user.email === adminemail) {
        return next();                              // logged in and is the admin
      } else {
        return res.redirect('/adminsecretroute');   // logged in but not the admin
      }
    }
    res.redirect('/');                              // not logged in at all
  }
};
