I would like to ask a question regarding Node.js redirects and possibly rendering.
app.js
In my app.js, I have this code, which works well.
// GET /dashboard is handled by routes.dashboard. No middleware is attached to the
// route here, so the access check runs inside that handler.
app.get('/dashboard', routes.dashboard);
// GET /error/404 is handled by error.notFound.
// NOTE(review): the authorization helper redirects to /error/401, which is not
// registered in the lines shown here; confirm that route exists.
app.get('/error/404', error.notFound);
Then, going further into the methods of
error.notFound
Which works well too when you load it from the URL
/**
 * Renders the 'error/illegal' view.
 *
 * Each session-derived field falls back to '' when the session value is
 * missing or falsy, so the template always receives a defined value.
 *
 * NOTE(review): the session values are handed to the view unchanged; whether
 * they are escaped on output depends on the template, which is not shown.
 *
 * @param {object} req - request; req.session is read.
 * @param {object} res - response used to render the view.
 */
exports.illegal = function(req, res){
  var session = req.session;
  var viewModel = {
    title: 'Illegal',
    viewClass: 'illegal',
    ngController: '',
    entityName: session.name || '',
    entityId: session.entityId || '',
    deviceId: session.deviceId || '',
    authorizationLevel: session.authorizationLevel || ''
  };
  res.render('error/illegal', viewModel);
};
routes.dashboard
Which works well too when you load it from the URL
/**
 * Renders the 'dashboard' view for the current session.
 *
 * NOTE(review): the authorization helper's result is not inspected and nothing
 * stops this handler after the call. When the helper has already answered with
 * res.redirect('/error/401'), res.render() below still runs for the same
 * request, so the dashboard view is still rendered for a refused request and a
 * second response is attempted.
 *
 * @param {object} req - request; req.session is read.
 * @param {object} res - response used to redirect or render.
 */
exports.dashboard = function(req, res){
  // Authorization check (level 400 required). This is the call that gives the error.
  authorizationHelper.authorizationLevels(req, res, 400);

  // Missing or falsy session values are passed to the view as ''.
  var session = req.session;
  var viewModel = {
    title: 'Dashboard',
    viewClass: 'dashboard',
    ngController: 'dashboardController',
    entityName: session.name || '',
    entityId: session.entityId || '',
    deviceId: session.deviceId || '',
    authorizationLevel: session.authorizationLevel || ''
  };
  res.render('dashboard', viewModel);
};
Here's the tricky part that is giving me some error.
// Authorization check; the helper is shown below. This is the call that gives the error.
// The call's result is discarded and no return follows it, so the enclosing
// handler keeps running whether or not the helper redirected.
authorizationHelper.authorizationLevels(req, res, 400);
authorizationHelper
This method will check if user is allowed to view the page, else it will redirect
/**
 * Redirects to /error/401 when the session's authorization level is missing
 * or lower than levelRequired.
 *
 * NOTE(review): nothing is returned, so the caller cannot tell whether a
 * redirect was sent. The check also passes for a truthy value that does not
 * compare as a number (the `<` comparison is then false), so such a value is
 * treated as authorized.
 *
 * @param {object} req - request; req.session.authorizationLevel is read.
 * @param {object} res - response used for the redirect.
 * @param {number} levelRequired - minimum level needed to view the page.
 */
exports.authorizationLevels = function(req, res, levelRequired){
  var level = req.session.authorizationLevel;
  var allowed = level && !(level < levelRequired);
  if (!allowed) {
    // user is not allowed to view the page, redirect to illegal page
    res.redirect('/error/401');
  }
};
The problem is that everything works fine from the top down to this res.redirect('/error/401'). Sometimes, on the server, it will not render the page; instead, it will render a whole bunch of HTML text and some headers!

Please help!
You could change
// Before: the helper redirects on a failed check but returns nothing, so the
// calling handler has no signal to stop and goes on to render.
exports.authorizationLevels = function(req, res, levelRequired) {
  var level = req.session.authorizationLevel;
  var granted = Boolean(level) && !(level < levelRequired);
  if (granted) {
    return;
  }
  // user is not allowed to view the page, redirect to illegal page
  res.redirect('/error/401');
};
to
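/**
 * Checks whether the session may view a page that needs levelRequired.
 *
 * On failure a redirect to /error/401 is sent and false is returned; the
 * caller must stop handling the request in that case, because the response
 * has already been sent. On success nothing is sent and true is returned.
 *
 * The check fails closed: a missing session, a missing level, or a level that
 * is not a finite number is treated as unauthorized. A plain `<` comparison
 * would let a truthy non-numeric value through, since comparing it with a
 * number yields false.
 *
 * @param {object} req - request; req.session.authorizationLevel is read.
 * @param {object} res - response used for the redirect.
 * @param {number} levelRequired - minimum level needed to view the page.
 * @returns {boolean} true when access is allowed, false when a redirect was sent.
 */
exports.authorizationLevels = function(req, res, levelRequired) {
  var rawLevel = req.session ? req.session.authorizationLevel : undefined;
  // Numeric strings such as '400' are still accepted after coercion.
  var level = Number(rawLevel);
  if (!rawLevel || !Number.isFinite(level) || level < levelRequired) {
    // user is not allowed to view the page, redirect to illegal page
    res.redirect('/error/401');
    return false;
  }
  return true;
};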
and
// Before: the helper's result is discarded, so the handler continues to
// res.render() even when the helper has already redirected.
authorizationHelper.authorizationLevels(req, res, 400);
to
// After: stop the handler as soon as the helper reports that access was
// refused; the helper has already sent the redirect.
if (!authorizationHelper.authorizationLevels(req, res, 400)) {
  return;
}
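That will prevent the rendering of your dashboard in case of unauthorized access. res.redirect() only sends the response; it does not stop the route handler, so without the return the handler goes on to call res.render() for a request that was already refused.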
Also, you might consider centralizing your error handling: install a single error-handler middleware, with the signature (err, req, res, next), and do your error template rendering there, while simply calling next(401); and such on errors in your route handlers. The exception is if you want users to see the /error/401 and similar URLs in the browser.