To implement login auth in Node.js, we add a middleware to check for authentication and a login and logout route.
For instance, we write
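const express = require("express");
const session = require("express-session");

const app = express();
// Parse form-encoded login bodies into req.body.
app.use(express.urlencoded({ extended: false }));
// Session middleware; the secret comes from the environment, not the source.
app.use(
  session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
  })
);

// Middleware: let the request through only if the session has a userId.
const checkAuth = (req, res, next) => {
  if (!req.session.userId) {
    res.status(401).send("You are not authorized to view this page");
  } else {
    next();
  }
};

app.get("/my_secret_page", checkAuth, (req, res) => {
  res.send("You are logged in");
});

app.post("/login", (req, res) => {
  const post = req.body;
  if (post.user === "john" && post.password === "johnspassword") {
    //...
    // Assumption: the user name doubles as the ID (userId was never defined).
    const userId = post.user;
    req.session.userId = userId;
    res.redirect("/my_secret_page");
  } else {
    res.send("Bad user/pass");
  }
});

app.get("/logout", (req, res) => {
  delete req.session.userId;
  res.redirect("/login");
});

app.listen(3000); // Port chosen for illustration.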
to define the checkAuth middleware function to check for the userId property in the session.
If it’s set, then the user is logged in and we call next.
Otherwise, we call res.send to return an error response.
Then we add the /my_secret_page route with app.get.
We call checkAuth before calling the route handler to check for authentication before sending the response.
Next we add the /login route that checks for the user and password from the req.body request body.
If they match, then we set req.session.userId since the user is authenticated.
And we call redirect to the /my_secret_page route.
Otherwise, we send an error response.
Finally, we add a /logout route that deletes the userId from req.session and redirects to /login.
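The /login route above compares a hard-coded plaintext password and keeps the pre-login session ID. The following is an added example, not code from the original page: it checks the password against a salted scrypt hash in constant time, rejects non-string body values, and issues a new session ID with express-session's req.session.regenerate before setting userId. The names users, dummy, hashPassword, verifyLogin and loginHandler are hypothetical, and the user store is constructed sample data.

```javascript
const crypto = require("node:crypto");

// Hash a password with scrypt and a per-user random salt.
const hashPassword = (password, salt = crypto.randomBytes(16)) => ({
  salt,
  hash: crypto.scryptSync(password, salt, 32),
});

// Constructed sample user store: user name -> { id, salt, hash }.
const users = new Map([
  ["john", { id: 1, ...hashPassword("johnspassword") }],
]);
// Record hashed against for unknown users, so both paths do the same work.
const dummy = hashPassword("dummy");

// Returns the user's ID on success, null otherwise.
const verifyLogin = (user, password) => {
  // Body parsers can yield arrays or objects; accept strings only.
  if (typeof user !== "string" || typeof password !== "string") return null;
  const record = users.get(user) ?? dummy;
  const candidate = crypto.scryptSync(password, record.salt, 32);
  const ok = crypto.timingSafeEqual(candidate, record.hash);
  // A match against the dummy record must never count as a login.
  return ok && users.has(user) ? record.id : null;
};

// Handler intended for app.post("/login", loginHandler).
const loginHandler = (req, res) => {
  const userId = verifyLogin(req.body?.user, req.body?.password);
  if (userId === null) {
    return res.status(401).send("Bad user/pass");
  }
  // New session ID at login, so an ID set before login cannot be reused
  // afterwards (session fixation).
  req.session.regenerate((err) => {
    if (err) return res.status(500).send("Login failed");
    req.session.userId = userId;
    res.redirect("/my_secret_page");
  });
};
```

checkAuth and the /logout route work unchanged with this handler, since it still stores the ID in req.session.userId.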