I have the admin role, and when I block a user I want that user to be logged out immediately. req.session.destroy() does not help here, because it destroys my own (the admin's) session and logs me out instead of the blocked user. Thanks in advance.
app.js
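// Application bootstrap: database connection, session handling and body parsing.
mongoose.connect('mongodb://127.0.0.1/nodeblog_db', {
  useNewUrlParser: true,
  useUnifiedTopology: true,
});

// The secret signs the session-ID cookie. A literal committed to the source is
// known to everyone who can read the repository, so it is read from the
// environment and the app refuses to start without it.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set');
}

app.use(expressSession({
  secret: sessionSecret,
  resave: false,
  // false: a session is only stored (and a cookie only issued) once something
  // such as the login handler has written to it, so anonymous visitors do not
  // fill the session store.
  saveUninitialized: false,
  // Sessions are persisted in MongoDB, so they outlive a process restart and
  // stay valid until they expire or are destroyed.
  store: connectMongo.create({ mongoUrl: 'mongodb://127.0.0.1/nodeblog_db' }),
}));

// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));
// parse application/json
// NOTE: with JSON bodies enabled, req.body fields can be objects or arrays, not
// only strings; handlers must type-check values before using them in a query.
app.use(bodyParser.json());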
login route
// GET /login: serve the login form; no session state is read or written here.
router.get('/login', function (req, res) {
  const loginView = 'site/login';
  res.render(loginView);
});
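/**
 * POST /login: verify the submitted credentials and start a session.
 *
 * On success the session is regenerated and the user's id is stored in
 * req.session.userId, which is what the rest of the app checks.
 * Database, bcrypt and session-store errors are forwarded to Express via next().
 */
router.post('/login', (req, res, next) => {
  const { email, password } = req.body ?? {};

  // bodyParser.json() is mounted, so a JSON body can carry an object where a
  // string is expected. Only plain strings may reach the query and bcrypt.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.redirect('/users/login');
  }

  User.findOne({ email }, (error, user) => {
    if (error) {
      return next(error);
    }
    if (!user) {
      // NOTE(review): redirecting unknown e-mails to a different page than wrong
      // passwords tells the client which addresses are registered.
      return res.redirect('/users/register');
    }

    user.comparePassword(password, (matchError, isMatch) => {
      if (matchError) {
        // A throw inside this callback is outside Express's error handling and
        // would take the whole process down; hand the error to next() instead.
        return next(matchError);
      }
      if (!isMatch) {
        return res.redirect('/users/login');
      }
      // Checked only after the password matched, so the ban status is not
      // disclosed to someone who does not know the password.
      if (user.banned) {
        return res.redirect('/users/login');
      }

      // Issue a fresh session id at the privilege change so an id that existed
      // before login is not carried over into the authenticated session.
      req.session.regenerate((sessionError) => {
        if (sessionError) {
          return next(sessionError);
        }
        req.session.userId = user._id;
        res.redirect('/');
      });
    });
  });
});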
My User model: I have a banned field in my database. When I want to block a user, I set that field to true.
const mongoose = require('mongoose');
const bcrypt = require("bcryptjs");
// Field definitions for the User collection.
const userFields = {
  // `unique` asks MongoDB for a unique index; it is not a Mongoose validator.
  username: {
    type: String,
    required: true,
    unique: true,
  },
  email: {
    type: String,
    required: true,
    unique: true,
  },
  // Replaced by its bcrypt hash in the pre-save hook registered on this schema.
  password: {
    type: String,
    required: true,
  },
  verified: {
    type: Boolean,
    default: false,
  },
  // NOTE(review): declared as String but defaulted with a boolean; confirm the
  // intended type and default of this field.
  auth: {
    type: String,
    default: false,
  },
  // Set to true by an admin to block the account. The flag only has an effect
  // where code reads it; storing it does not end existing sessions.
  banned: {
    type: Boolean,
    default: false,
  },
};

const UserSchema = new mongoose.Schema(userFields);
// Pre-save hook: store a bcrypt hash instead of the plaintext password.
// Runs the hash only for new documents or when the password field changed, so
// saving an unrelated field does not hash an already-hashed value again.
UserSchema.pre("save", function (next) {
  const doc = this;
  const mustHash = doc.isModified("password") || doc.isNew;

  if (!mustHash) {
    return next();
  }

  // 10 is the rounds argument passed to genSalt.
  bcrypt.genSalt(10, (saltError, salt) => {
    if (saltError) {
      return next(saltError);
    }

    bcrypt.hash(doc.password, salt, (hashError, hash) => {
      if (hashError) {
        return next(hashError);
      }
      doc.password = hash;
      next();
    });
  });
});
/**
 * Compare a candidate password with the hash stored on this document.
 *
 * @param {string} password - candidate password as submitted by the client
 * @param {function} callback - called as callback(error) on failure, or
 *   callback(null, isMatch) with the result of bcrypt.compare
 */
UserSchema.methods.comparePassword = function (password, callback) {
  const storedHash = this.password;

  bcrypt.compare(password, storedHash, (error, isMatch) => {
    if (error) {
      return callback(error);
    }
    callback(null, isMatch);
  });
};

// Compile the schema into the model the route handlers query.
module.exports = mongoose.model('User', UserSchema);
I use this code to check if user is logged in:
// This check only establishes that the session carries a userId. It does not
// read the user's `banned` field, so a session created before the ban still
// passes it.
if(req.session.userId){
// the user is logged in
}
CodePudding user response:
The default way I would solve this is to add a middleware that runs after the auth check.
That is because, by then, the session is sure to contain the value set by req.session.userId = user._id;
// Import Your Db Model
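/**
 * Express middleware that re-checks the `banned` flag of the logged-in user on
 * each request and ends that user's session when the flag is set.
 *
 * The ban takes effect on the blocked user's next request. Because it runs on
 * the blocked user's own request, req.session.destroy() here removes their
 * session, not the admin's. Ending the session at the moment of the ban would
 * instead require the admin action to remove that user's entries from the
 * session store.
 *
 * Costs one database lookup per request on the routes where it is mounted.
 */
const checkBan = (req, res, next) => {
  // If you don't pass your user state into req.user
  const { userId } = req.session;

  if (!userId) {
    // Not logged in, so there is nothing to ban-check; access control for
    // anonymous requests is left to the authentication middleware.
    return next();
  }

  User.findOne({ _id: userId }, (error, user) => {
    if (error) {
      // The callback parameter is `error`; `err` is not defined in this scope
      // and referencing it would throw.
      return next(error);
    }

    if (user && !user.banned) {
      // User exists and isn't banned, so continue
      return next();
    }

    // Banned, or the session points at an account that no longer exists:
    // end the session so the cookie stops working.
    req.session.destroy((destroyError) => {
      if (destroyError) {
        return next(destroyError);
      }
      if (!user) {
        return res.redirect('/users/login');
      }
      // User is banned, so handle it as you like
      res.status(403).send("Your Account is banned - other messages");
    });
  });
};

module.exports = checkBan;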
You can now import this and mount it after your authentication-check middleware on the routes you want banned users to be unable to access.
Now, when you change a user's state to banned, it renders this message and prevents any further interaction with your system by that user.