We have an app with the following routes
/dothis/
...//dothis routes
/dothat
...//dothat routes
/doother
...//doother routes
and a login route:
/login
and
/ //which currently actually isn't even used, would redirect to /login
Is it possible to close the routes so that actually only / and /login are accessible without authentication? Or do we need to apply a prefix to all other routes. Thanks
app.get('*', function(req, res, next) {
// console.log(everyauth);
if (!req.session.auth) {
res.redirect('/login');
} else {
next();
}
});
app.get('/login', function(req, res){
res.render('login', {
});
});
seems to work
app.all('*', Authentication, function(req, res) {
});
function Authentication(req, res, next) {
if (req is not user) {
if (req.url === '/' || req.url === '/login')
next()
}
else
next();
}
I have middleware which does exactly this: https://github.com/jaredhanson/connect-ensure-login
app.get('/dothat',
ensureLoggedIn('/login'), // redirect to /login if not logged in
function(req, res) {
// render do that;
});
It's usable stand-alone, but also integrates seamlessly with Passport, so that after login, the user will be redirected back to the URL they originally requested.