I am writing a Node.js server to act as a REST server proxy for another server. Basically, it is going to allow multiple websites to authenticate, and provide a REST API for them to use.
I am going to use passport.js.
Below is the relevant section from the tutorial that I have a question about:
    app.post('/login',
      passport.authenticate('local', { successRedirect: '/',
                                       failureRedirect: '/login'
      })
    );
Is there a way to redirect to the website's root directory? The website doesn't have the same URL as the node server, so how do I tell it to redirect to the website's root directory? Or do I have to implement that logic in the website's UI Router (I am using AngularJS for the framework in each of the websites), and just check for a returned user object?
Do I also handle session expiry in the website's UI Router as well?
If I do that, how can I invalidate the session from the server side?
Let's break this down:
how can I invalidate the session from the server side?
Use redis-sessions for this. The whole control flow is to store the session id and a timestamp inside Redis. You can then flush Redis every n minutes to invalidate those sessions and then have your server check against Redis to ensure the current session isn't expired. That's a high-level description; here is a tutorial on saving PHP sessions in Redis, and the same logic will map over for your Node.js application.
Is there a way to redirect to the website's root directory?
The following way is usually how I handle redirects:
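    // A redirect needs a 3xx status; browsers ignore Location on a 200 response.
    response.writeHead(302, {
      // Absolute URL with scheme, otherwise it is resolved as a relative path.
      'Location': 'https://targetwebsite.com/index.html'
    });
    response.end();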
Please let me know if you have any questions!
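The session control flow described in the answer above (store a session id with a timestamp, check it on every request, sweep every n minutes, delete to invalidate), as an added example that is not part of the original answer. It assumes an in-memory `Map` standing in for Redis, a 15-minute idle timeout, and a sweep that removes only stale entries rather than flushing everything; `SessionStore` and its method names are hypothetical.

```javascript
// Added example: Map stands in for Redis; all names here are hypothetical.
const { randomBytes } = require('crypto');

const IDLE_TIMEOUT_MS = 15 * 60 * 1000; // assumed 15-minute idle timeout

class SessionStore {
  constructor(timeoutMs = IDLE_TIMEOUT_MS) {
    this.timeoutMs = timeoutMs;
    this.sessions = new Map(); // session id -> { userId, lastSeen }
  }

  // Issue an unguessable id and record the timestamp alongside it.
  create(userId, now = Date.now()) {
    const id = randomBytes(32).toString('hex');
    this.sessions.set(id, { userId, lastSeen: now });
    return id;
  }

  // Called on every request: reject unknown or stale ids, else refresh the timestamp.
  validate(id, now = Date.now()) {
    const entry = this.sessions.get(id);
    if (!entry) return null;
    if (now - entry.lastSeen >= this.timeoutMs) {
      this.sessions.delete(id); // expired: remove so it cannot be revived
      return null;
    }
    entry.lastSeen = now;
    return entry.userId;
  }

  // Server-side invalidation (logout, password change, admin revoke).
  invalidate(id) {
    return this.sessions.delete(id);
  }

  // Periodic sweep ("every n minutes"): drop only entries past the timeout.
  sweep(now = Date.now()) {
    let removed = 0;
    for (const [id, entry] of this.sessions) {
      if (now - entry.lastSeen >= this.timeoutMs) {
        this.sessions.delete(id);
        removed++;
      }
    }
    return removed;
  }
}
```

Because `validate` runs on the server for every request, a deleted id stops working immediately, whatever the client-side router still believes about the session.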