Roles are employee and admin. I have created an API that generates a token. Now I want to add roles on login, meaning that if an employee logs in he should be directed to the respective pages, and an admin should be directed to the respective pages. I have created a separate table for roles. Now I want to know how things work and how to add roles with the login credentials. To join the register table with roles in order to log in, I am using a mutual column, which is internal_id.
Here is my API, which I created in Node.js.
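// compareSync is the bcrypt compare function; sign is from jsonwebtoken.
login: (req, res) => {
  const body = req.body;
  getUserByUserEmail(body.email, (err, results) => {
    if (err) {
      console.log(err);
    }
    // The query returns an array, so an unknown email is an empty array.
    if (!results || results.length === 0) {
      return res.json({
        success: 0,
        message: "Invalid Email or Password"
      });
    }
    const result = compareSync(body.password, results[0].password);
    if (result) {
      // Clear the hash on the row itself so it is not embedded in the token.
      results[0].password = undefined;
      // The signing key is hard-coded here; keep it in configuration outside the source.
      const jsontoken = sign({ result: results }, "qwe123", { expiresIn: "3h" });
      return res.json({
        success: 1,
        message: "Login Successfully!",
        token: jsontoken
      });
    }
    else {
      return res.json({
        success: 0,
        message: "Invalid Email or Password"
      });
    }
  });
}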
This is the code showing how I am getting the email and password from the employee table.
getUserByUserEmail: (email, callBack) => {
  pool.query(
    `select * from employee where email = ? `,
    [email],
    (error, results, fields) => {
      if (error) {
        return callBack(error);
      }
      return callBack(null, results);
    }
  )
}
As a security consideration, I would like to suggest that your SQL query, select * from employee where email = ?, be more specific and only retrieve the information you need, e.g.: select internal_id, password from employee where email = ?
As regards your mapping of roles: I won't provide a code-for-you. But using the stored internal_id you retrieved when authenticating, add a function like getRoleByUserID where you search select role from roles where internal_id = ?, [stored_id_from_auth_query]. Then run a case or if/else statements to generate your view based on the returned role.
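The role lookup and role-based branching described in the answer above, as an added example that is not part of the original question or answer. The in-memory pool, the sample role rows, the landing paths, loginResponseFor, requireRole and the req.user object (assumed to be set by a middleware that has already verified the token) are assumptions made for illustration.

```javascript
// Constructed stand-in for the mysql pool; it answers only the query used below.
const ROLE_ROWS = [
  { internal_id: 1, role: "admin" },
  { internal_id: 2, role: "employee" },
  { internal_id: 3, role: "contractor" }, // a role the app has no pages for
];
const pool = {
  query: (sql, params, cb) =>
    cb(null, ROLE_ROWS.filter((r) => r.internal_id === params[0])),
};

// Hypothetical landing page per role; this map is also the allow-list of roles.
const LANDING = new Map([
  ["admin", "/admin/dashboard"],
  ["employee", "/employee/home"],
]);

// Role lookup keyed on the internal_id returned by the authentication query.
const getRoleByUserID = (internalId, callBack) => {
  pool.query(
    "select role from roles where internal_id = ?",
    [internalId],
    (error, results) => {
      if (error) return callBack(error);
      // Missing, duplicate or unknown roles all fail closed (null).
      const role = results.length === 1 ? results[0].role : null;
      return callBack(null, LANDING.has(role) ? role : null);
    }
  );
};

// Called once the password check has succeeded: pick the view for the role.
const loginResponseFor = (internalId, callBack) => {
  getRoleByUserID(internalId, (err, role) => {
    if (err || !role) return callBack({ success: 0, message: "No role assigned" });
    // The same role value would go into the signed token payload.
    return callBack({ success: 1, role, redirect: LANDING.get(role) });
  });
};

// Express-style guard. Sending a user to a page is not access control,
// so each protected route re-checks the role taken from the verified
// token (req.user), never a role supplied in the request body.
const requireRole = (...allowed) => (req, res, next) => {
  if (req.user && allowed.includes(req.user.role)) return next();
  return res.status(403).json({ success: 0, message: "Forbidden" });
};
```

In the login handler, loginResponseFor would be called with results[0].internal_id after compareSync returns true.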