I'm trying to do simple autorization using array to imitate database. For example I have array with two people:
const users = [{
info: 'First person',
login: 'firstPerson',
password: '11111111',
role: 'member'
}, {
info: 'Second person',
login: 'secondPerson',
password: '22222222',
role: 'admin'
}
];
They have different roles: member and admin, which means that they redirect to different pages after entering login and password. Here is my form:
<form action='/categories' method='post'>
<div >
<input type="text" name="username"
maxlength="15" minlength="4" pattern="^[a-zA-Z0-9_.-]*$"
id="username" required autocomplete="off">
</div>
<div >
<input type="password" name="password"
minlength="8" id="password" required autocomplete="off">
</div>
<div >
<button
type="submit">Enter</button>
</div>
</form>
I'm using Node.js and Express.js to build an application. Here I have one problem. Member should be redirected to page localhost:3000/categories. Admin should be redirected to page localhost:3000/choice. I need to deny access to this pages if users(member or admin) are not logged in(error if user enter pages localhost:3000/categories or localhost:3000/choice before logging in page localhost:3000). For example, for categories i do such thing(app.js file):
app.get("/", function(req, res) {
res.render("autorization"); }); //my form is located in this autorization.ejs
app.get("/categories", function(req, res){
const login = req.body.username;
const password = req.body.password;
if(!login || !password){
res.status(401).send("You are not autorized!");
}
else{
res.render("categories1");
}
});
I can't do the same for choice cause I'm not able to paste two actions in my form(only action='/categories'
). Here is my post request:
app.post("/categories", function(req, res) {
let USER = {
login: req.body.username,
password: req.body.password,
role: 'member'
};
if (users.some(user => {
if (req.body.username === user.login && req.body.password === user.password) {
USER = user;
return true;
} else
{
return false;
}
})) {
if (USER.role === 'member') {
res.render("categories1");
} else {
res.redirect('/choice');
}
} else{
res.redirect("/alert");
}
});
How can I do such thing?
CodePudding user response:
use proper authentication that check username and password with your users array that you provide like as below. you can use passport authentication for batter option.
const users = [{
info: 'First person',
login: 'firstPerson',
password: '11111111',
role: 'member'
}, {
info: 'Second person',
login: 'secondPerson',
password: '22222222',
role: 'admin'
}
];
app.get("/categories", function(req, res){
const login = req.body.username;
const password = req.body.password;
if(!login || !password){
res.status(401).send("You are not autorized!");
}
else{
let result = users.find(o => o.username === login); //here you can check for password also.
if(result.role=='member'){
res.render("categories1");
}else{
res.render("choice");
}
}
});
CodePudding user response:
Assuming you want to keep your login form as it is, and change the logic slightly on the backend, so you can
- Create a common action route i.e
/auth/login
- Authenticate the user and identify its respective role from the database (admin, member)
- On successful auth redirect the user to
/category
or/choice
page according to their respective role
Here's how it should be in my opinion
Frontend
<form action="/auth/login" method="post">
<div >
<input
type="text"
name="username"
maxlength="15"
minlength="4"
pattern="^[a-zA-Z0-9_.-]*$"
id="username"
required
autocomplete="off"
/>
</div>
<div >
<input
type="password"
name="password"
minlength="8"
id="password"
required
autocomplete="off"
/>
</div>
<div >
<button type="submit">
Enter
</button>
</div>
</form>
Backend
app.post("/auth/login", function(req, res) {
const login = req.body.username;
const password = req.body.password;
if(!login || !password){
return res.status(401).send("You are not autorized!");
}
const user = QueryInDatabase({ username: login, password: password });
if(!user) {
return res.status(404).send("User not found")
}
let url = '/categories'; /* Keeping this as default redirect route */
/* If role is admin, change the redirect url to /choice */
if(user.role === 'admin') {
url = '/choice';
}
return res.redirect(url)
})