Redirect to different pages due to different roles of users

Time:06-14

I'm trying to do simple authorization using an array to imitate a database. For example, I have an array with two people:

const users = [{
        info: 'First person',
        login: 'firstPerson',
        password: '11111111',
        role: 'member'
    }, {
        info: 'Second person',
        login: 'secondPerson',
        password: '22222222',
        role: 'admin'
    }
];

They have different roles: member and admin, which means that they redirect to different pages after entering login and password. Here is my form:

<form action='/categories' method='post'>
        <div >
            <input  type="text" name="username"
            maxlength="15" minlength="4" pattern="^[a-zA-Z0-9_.-]*$"
            id="username" required autocomplete="off">
        </div>
        <div >
            <input  type="password" name="password"
            minlength="8" id="password" required autocomplete="off">
        </div>
        <div >
          <button 
          type="submit">Enter</button>
        </div>
    </form>

I'm using Node.js and Express.js to build an application. Here I have one problem. A member should be redirected to the page localhost:3000/categories. An admin should be redirected to the page localhost:3000/choice. I need to deny access to these pages if users (member or admin) are not logged in (an error if a user opens localhost:3000/categories or localhost:3000/choice before logging in on the page localhost:3000). For example, for categories I do this (app.js file):

app.get("/", function(req, res) {
    res.render("autorization"); // my form is located in this autorization.ejs
});

app.get("/categories", function(req, res) {
    const login = req.body.username;
    const password = req.body.password;
    if (!login || !password) {
        res.status(401).send("You are not autorized!");
    } else {
        res.render("categories1");
    }
});

I can't do the same for choice because I'm not able to paste two actions in my form (only action='/categories'). Here is my post request:

app.post("/categories", function(req, res) {
  let USER = {
    login: req.body.username,
    password: req.body.password,
    role: 'member'
  };
  if (users.some(user => {
    if (req.body.username === user.login && req.body.password === user.password) {
      USER = user;
      return true;
    } else
    {
      return false;
    }
  })) {
    if (USER.role === 'member') {
      res.render("categories1");
    } else {
      res.redirect('/choice');
    }
  } else{
    res.redirect("/alert");
  }
});

How can I do such thing?

CodePudding user response:

Use proper authentication that checks the username and password against the users array that you provide, as below. You can use Passport authentication as a better option.

const users = [{
        info: 'First person',
        login: 'firstPerson',
        password: '11111111',
        role: 'member'
    }, {
        info: 'Second person',
        login: 'secondPerson',
        password: '22222222',
        role: 'admin'
    }
];

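app.get("/categories", function(req, res) {
    const login = req.body.username;
    const password = req.body.password;
    if (!login || !password) {
        return res.status(401).send("You are not autorized!");
    }
    // The users array stores the name under `login`; the password is checked here as well.
    const result = users.find(o => o.login === login && o.password === password);
    if (!result) {
        // No matching user: reject instead of reading .role from undefined.
        return res.status(401).send("You are not autorized!");
    }
    if (result.role === 'member') {
        res.render("categories1");
    } else {
        res.render("choice");
    }
});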

CodePudding user response:

Assuming you want to keep your login form as it is and change the logic slightly on the backend, you can:

  • Create a common action route i.e /auth/login
  • Authenticate the user and identify its respective role from the database (admin, member)
  • On successful auth redirect the user to /category or /choice page according to their respective role

Here's how it should be in my opinion

Frontend

<form action="/auth/login" method="post">
  <div >
    <input
      
      type="text"
      name="username"
      maxlength="15"
      minlength="4"
      pattern="^[a-zA-Z0-9_.-]*$"
      id="username"
      required
      autocomplete="off"
    />
  </div>
  <div >
    <input
      
      type="password"
      name="password"
      minlength="8"
      id="password"
      required
      autocomplete="off"
    />
  </div>
  <div >
    <button  type="submit">
      Enter
    </button>
  </div>
</form>

Backend

app.post("/auth/login", function(req, res) {
  const login = req.body.username;
  const password = req.body.password;
  if (!login || !password) {
    return res.status(401).send("You are not autorized!");
  }

  // QueryInDatabase is a placeholder for your own user lookup
  // (with the array from the question: users.find(...) on login and password).
  const user = QueryInDatabase({ username: login, password: password });
  if (!user) {
    return res.status(404).send("User not found");
  }

  let url = '/categories'; /* Keeping this as default redirect route */

  /* If role is admin, change the redirect url to /choice */
  if (user.role === 'admin') {
    url = '/choice';
  }

  return res.redirect(url);
});
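
The requirement in the question that /categories and /choice be refused before login needs server-side session state that each protected route checks; redirecting after login does not provide that by itself. The following is an added example, not code from the question or either answer. It assumes a session middleware such as express-session supplies `req.session`; the names `HOME`, `authenticate`, `handleLogin` and `requireRole` are illustrative.

```javascript
// Added example: login handler plus a per-route role guard.
// Plain (req, res, next) functions, so the logic runs without Express installed.

// Constructed sample users, mirroring the array in the question.
const users = [
  { login: "firstPerson", password: "11111111", role: "member" },
  { login: "secondPerson", password: "22222222", role: "admin" },
];

// Landing page per role (routes taken from the question).
const HOME = { member: "/categories", admin: "/choice" };

function authenticate(login, password) {
  // Plaintext comparison mirrors the question; a real app compares password hashes.
  const user = users.find((u) => u.login === login && u.password === password);
  return user || null;
}

// POST /auth/login: the only place where credentials are read.
function handleLogin(req, res) {
  const { username, password } = req.body || {};
  const user = authenticate(username, password);
  if (!user) return res.status(401).send("Invalid login or password");
  // Issue a fresh session on login (express-session API) to prevent session fixation.
  req.session.regenerate((err) => {
    if (err) return res.status(500).send("Session error");
    // Identity and role live server-side; a role sent by the browser is never trusted.
    req.session.user = { login: user.login, role: user.role };
    res.redirect(HOME[user.role]);
  });
}

// Guard factory: 401 when nobody is logged in, 403 when the role does not match.
function requireRole(role) {
  return function (req, res, next) {
    const user = req.session && req.session.user;
    if (!user) return res.status(401).send("You are not authorized!");
    if (user.role !== role) return res.status(403).send("Forbidden");
    return next();
  };
}

// Wiring in an Express app (assumes express-session is already configured):
//   app.post("/auth/login", handleLogin);
//   app.get("/categories", requireRole("member"), (req, res) => res.render("categories1"));
//   app.get("/choice", requireRole("admin"), (req, res) => res.render("choice"));
```

With this wiring the form posts to /auth/login, and a direct request to /categories or /choice without a session gets 401 rather than the page.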