The main part of our application is our user dashboard, where our user will be able to create giftlists. Previously, we would access a user's dashboard by passing the user id in the dashboard URL. Obviously, there is no authentication here, so anyone who has a user's id can open that user's dashboard; it's not a secure way of doing it.
Now we want users to log in before viewing only their own dashboard. If they go to the dashboard URL directly, they should be redirected to a login page.
We are going to handle this in stereotypical Express fashion by writing a piece of middleware to handle adding authentication for routes.
Passport gives us in-session access to check if a user is currently authenticated. We can use this to easily protect whole sections of an application, or add authentication on a route-by-route basis.
Create a new file called authenticated.js in your utils directory:
var authenticated = function (req, res, next) { if (req.isAuthenticated()){ ...
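An added example, not the original listing: one way to write such a middleware and chain it in front of a dashboard handler that takes the owner from the session user instead of the URL. The /login path, the dashboard handler, the fakeRes and visitDashboard helpers and the sample requests are assumptions made so the flow runs without an Express server.

```javascript
// Added example; '/login' and the stub objects below are assumptions.
// Middleware: let authenticated requests through, send everyone else to login.
function authenticated(req, res, next) {
  // Passport adds isAuthenticated() to the request once it is initialised.
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  // Not logged in, or Passport is not mounted: fail closed.
  return res.redirect('/login');
}

// Hypothetical dashboard handler: the owner comes from the session user
// (req.user), never from an id in the URL, so a user only sees their own data.
function dashboard(req, res) {
  return res.json({ owner: req.user.id });
}

// Minimal stand-in for an Express response object (constructed for this example).
function fakeRes() {
  return {
    redirectedTo: null,
    body: null,
    redirect(url) { this.redirectedTo = url; return this; },
    json(obj) { this.body = obj; return this; }
  };
}

// Runs authenticated -> dashboard the way Express would chain them.
function visitDashboard(req) {
  const res = fakeRes();
  authenticated(req, res, () => dashboard(req, res));
  return res;
}

// Constructed sample requests; both ask for user 42 in the URL.
const anonymous = { isAuthenticated: () => false, params: { id: '42' } };
const loggedIn = { isAuthenticated: () => true, user: { id: '7' }, params: { id: '42' } };

console.log(visitDashboard(anonymous).redirectedTo); // redirect target for a visitor
console.log(visitDashboard(loggedIn).body);          // dashboard owner for user 7
```

In a real application the same function would be exported from utils/authenticated.js and passed to the route before the handler, for a single route or for a whole router.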