
In ExpressJS we can create middleware to check if a user is authenticated.

Assuming express-session is used to manage user sessions, all we have to do is check whether the current session contains a property indicating that the user has authenticated successfully.

If this property is missing or does not have the expected value, we can redirect the user to the login page.

'use strict';

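/**
 * Express middleware that lets a request through only when its session is
 * flagged as logged in; every other request is redirected to the login page.
 *
 * Relies on express-session (or a compatible middleware) having populated
 * req.session earlier in the chain. When no session object is present the
 * request is treated as unauthenticated rather than throwing a TypeError.
 *
 * @param {object} req - Express request; req.session.isLoggedIn is read.
 * @param {object} res - Express response, used for the redirect.
 * @param {Function} next - Called with no arguments when the check passes.
 * @returns {*} Whatever res.redirect('/login') returns when the check fails,
 *   otherwise undefined.
 */
module.exports = (req, res, next) => {
    const session = req.session;
    // Any truthy isLoggedIn passes this check, so the flag should be set only
    // by the login handler (not shown here) after credentials are verified.
    if (!session || !session.isLoggedIn) {
        return res.redirect('/login');
    }
    next();
};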

The middleware thus created can be used as an argument in the definition of our routes. To apply it to a specific route we can write:

'use strict';

const express = require('express');
const auth = require('./middleware/auth');

const app = express();
const PORT = process.env.PORT || 3000;

// NOTE(review): auth reads req.session, so express-session has to be
// registered with app.use() before this route; that setup is not shown here.

// Placeholder handler for the protected page; it is reached only after auth
// has called next().
const backendHandler = (req, res, next) => {
    //...
};

// Middleware arguments run left to right: auth first, then the handler.
app.get('/backend', auth, backendHandler);

app.listen(PORT);

To apply it to a group of routes we can use it as the middleware of a Router object.

'use strict';

// Router that groups the protected routes so they share a single auth check.
const express = require('express');
const router = express.Router();
// Session check from middleware/auth, one directory above this file.
const auth = require('../middleware/auth');

// Keep this above the route definitions: Express runs middleware in
// registration order, so a route declared before this line would not be guarded.
// NOTE(review): auth reads req.session, so the app has to register
// express-session before this router is mounted; that setup is not shown here.
router.use(auth);

// Each handler below runs only after auth has called next().
router.get('/', (req, res, next) => {
    //...
});
router.get('/files', (req, res, next) => {
    //...
});
router.get('/orders', (req, res, next) => {
    //...
});

// Exported so the main file can mount the router under a path prefix.
module.exports = router;

At this point in the main file we define the mount point of our router within the app.

'use strict';

const express = require('express');
// Loaded but not referenced below: the check is applied inside the router
// module, not in this file.
const auth = require('./middleware/auth');
const adminRoutes = require('./routes/admin');

const app = express();
const PORT = process.env.PORT || 3000;

// NOTE(review): express-session has to be registered with app.use() before
// this mount, because the router's auth check reads req.session; that setup is
// not shown here.

// Requests whose path starts with /backend are handed to the admin router.
app.use('/backend', adminRoutes);

app.listen(PORT);

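This way the /backend route and all its child routes will be protected by our authentication middleware. This works because router.use(auth) is registered before the routes in the router file, so the check runs first for every request under /backend.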
