I used express generator and am confused as to why I cannot use the users.js routes file for my login routes.
I created the POST route below and if I leave it in app.js it works fine. However, if I move it into users.js and try to use
app.use('/login', users)
where users is :
var users = require('./routes/users');
from app.js to reference it, I get errors that there is no post route to /login. Why does this happen ?
app.post('/login', function(req,res) {
var user = req.body.user;
db.User
.authenticate(user.email, user.password)
.then(function (user) {
req.login(user);
res.redirect("/"); // redirect to user profile
});
});
You're mounting a router that handles /login to the path /login.
This results in the URL /login/login.
You probably want to make the inner router handle /.
Related
I am trying to setup a multi language website with Express and NodeJs. My problem is I get redirected what it feels like 100 times and my browser is giving me a error that the webpage is not working because it redirected me too many times.
app.js
app.use('/', (req,res,next) => {
res.redirect('/en-US');
next();
});
app.use('/:lang', indexRouter);
app.use('/:lang/users', usersRouter);
index.js (indexRouter)
var express = require('express');
var router = express.Router();
/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index');
});
module.exports = router;
The problem is that this route handler:
app.use('/', (req,res,next) => {
res.redirect('/en-US');
next();
});
will get hit for not only /, but also /en-US. app.use() matches any route handler for which the path is equal to or a subset of the requested path. So, the browser requests "/", you redirect to "/en-US", which then redirects to "/en-US" and so on, an infinite loop.
I don't know the overall URL design of your site to know what the best overall solution is. You can prevent the infinite redirect loop by just changing app.use() to app.get():
app.get('/', (req,res,next) => {
res.redirect('/en-US');
});
But, that will make the redirect only work for GET requests which may or may not be OK. If you want all HTTP verbs to redirect, you could change to app.all():
app.all('/', (req,res,next) => {
res.redirect('/en-US');
});
The important thing to understand here is that app.get(), app.post(), app.all(), etc... all require an exact match for the URL path, whereas app.use() just requires a subset match. This is a little understood aspect of the Express design.
In addition, remove the call to next() after you do res.redirect(). At that point, you've sent the response, you don't want any other request handlers to see the request. You're done with routing.
under your app.js
Try using
app.use('/', router )
How about you try dealing with the '/' route through the app.js directly instead of index.js
I'm creating an app using node, express, and have a passport authorization middleware implemented for all routes-. I am following a highly modular approach to build my app. I try to exclude specific APIs from authentication when I include them above the authorization middleware. But when I include app.use('/', require('./api/search/index')); above the authorization middleware, APIs beneath stop working.
Criticism and suggestion are all welcome for this approach and what can I do to resolve this problem.
I don't want to include route middleware in each route like this
route.get('/example', auth.middleware(), function (req, res) {
})
Below is my app approach with single authorization middleware for all routes
var express = require('express');
var bodyParser = require('body-parser');
var app = express();
var auth = require("./auth.js")();
app.use(auth.initialize());
//Excluding the search API from Authentication,
app.use('/', require('./api/search/index'));
//Middleware for all APIs and require Auth headers for authrization access
app.use(auth.authenticate(), function (req, res, next) {
if (req.headers.authorization && req.user) {
var parted = req.headers.authorization.split(' ');
if (parted.length === 2) {
console.log(req.user);
next();
} else {
return res.status(403).send({
success: false,
msg: 'Unauthorized.'
});
}
} else {
return res.status(503).send({
success: false,
msg: 'Bad Request'
});
}
});
//Join routers
app.use('/', require('./api/users/index'));
app.use('/', require('./api/product/index'))
app.use('/', require('./api/company/index'))
There are a million ways you can do this. What you can do is this:
app.use('/', require('./api/search/index'));
app.use('/', auth.authenticate(), require('./api/users/index'));
app.use('/', auth.authenticate(), require('./api/product/index'))
app.use('/', auth.authenticate(), require('./api/company/index'))
This way, the auth.authenticate() middleware will be applied to every child route you are requiring. And you leave the index without anything. This gives you a more granular control of where you apply the auth middleware, without having to apply it to every single route. You can take this to another level and group several routes inside a /admin/ and apply the middleware only once. Your imagination is the limit.
You can block your routes together using express.Router. For instance, you could have a route called "/api/secure" and then create a router for that route and group all secure routes there. and then have another for unsecured routes'
Express Router Docs
I'm fairly new to node.js and trying to make a simple website which first asks the authentication and then redirects the user to a page.
so, what i do is that i create a middleware which listenes to every request made to my website.
what this middleware does that it checks if the the user is logged in with my website or not is yes then redirect to the requested page if not, then redirect to the login page, here is my code for that.
var express = require('express');
var app = express();
// middleware for using static files
app.use('/public', express.static(__dirname + '/public')); // all the js files for check_before.html
app.use('/templates', express.static(__dirname + '/templates')); // here are css/js files for login.html
// setting up views folder
app.set('views', __dirname + '/views'); // check_before.html is sitting here
app.engine('html', require('ejs').renderFile);
app.set('view engine', 'html');
app.use((req, res, next) => {
res.render('check_before.html');
// here in the html I implement the logic using js files which are located in public folder.
next();
});
// if not logged in , the user gets here
app.get('/login', (req, res, next) => {
res.render('login.html')
});
// if logged in redirect to some page
app.get('/welcome_page', (req, res) => {
return 'welcome'
});
everything goes well untill the user hits the http://localhost:8000/login page (after the check if they are signed in or not) the page keeps on loading multiple times and it won't stop reloading.
I have defined all the css, js files of login.html page in the templates folder which is loaded above the middleware by reffereing to this question
Express middleware getting called many times. could that be a problem?
what could be the reason for this?
here is the error i'm getting in the console.
Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
any guesses?
Edit1
I went through this question Error: Can't set headers after they are sent to the client , and i guess it concludes that setting headers explicitly could be problematic.
Could this be a reason? because in my logic if the user is not signed In, I'm just using window.location.replace('http://localhost:8000/login') to redirect the user to login page.
should I use any another method for redirection?
Edit2
There are suggestions that i must write a middleware to check is the user is authenticated or not, and get a sort of flag for that, but as i've stated above that i'm implementing the logic in check_before.html(client side). so it won't be possible to use that.
I have two guesses:
You shouldn't call send (or any other function )after res.render.
Middleware to verify user is logged in should be something like this (applied only to routes you want to verify user)
Middleware should be something like this
const isAuthenticated = (req, res, next) => {
if(req.isAuthenticated()) {
next();
} else {
res.redirect('/');
}
}
app.get('/welcome_page', isAuthenticated, (req, res) => {
return 'welcome'
});
The reason is that middleware is called before your /login request. To fix it, you need to modify your middleware function. It should be something like:
app.use((req, res, next) => {
if(isLoggedIn) { //isLoggedIn is a flag that checks whetehr user is logged-in or not
res.render('check_before.html');
} else {
// here in the html I implement the logic using js files which are located in public folder.
next();
}
});
I'm working on a NodeJS project, and using Express as my routing framework.
I have a register form in my site, and a login form, both of which send requests to /users (/register and /login respectively). However, I would like to be able to have /users/:userID as routes to see profiles of different users, but of course, this routes imply that I have a session_id for every logged in user.
My question is, how can I use app.use('/users', checkForSessionId), without applying it to register and login?
This is where you need to use middleware
app.js
var users = require('./routes/user');
app.use('/users', users);
./routes/user.js
var express = require('express');
var router = express.Router();
function checkForSessionId(req, res, next){
//if no valid session
// return res.status(401).json("not authorised");
//else
next();
}
router.get('/:userId', checkForSessionId, function(req, res){
//this is a route which requires authentication
})
router.post('/register', function(req, res){
//authentication is not necessary
})
module.exports = router;
I have a ExpressJS app that is using Passportjs to authenticate with Facebook and everything is working as expected exception for one issue.
I have vehicle.js under /routes/ which contains some routes (router.gets and router.posts) that need authentication and some that don't. If user is logged in then every request handled by vehicle.js causes User de-serialization which is a Mongoose lookup. How can I avoid these unnecessary Mongoose lookups when request is made to a router.get and/or router.post that do not need authentication?
I have already looked up this SO question and it does not address my problem (I have declared static resources above passport, so they are not authenticated).
Passport configs in app.js are shown below:
// Configuring Passport
var passport = require('passport');
var expressSession = require('express-session');
app.use(expressSession({secret: 'thisIsSecret'}));
app.use(passport.initialize());
app.use(passport.session());
// Using the flash middleware provided by connect-flash to store messages in session
// and displaying in templates
var flash = require('connect-flash');
app.use(flash());
// Initialize Passport
var initPassport = require('./passport/init');
initPassport(passport);
//passing passport object could be the reason why all requested that are
//mapped in vehicle cause user de-serialization. Not sure if there is any
//alternative approach than following line that passes passport??
var vehicle = require('./routes/vehicle')(passport);
The following isAuthenticated is in vehicle.js
var isAuthenticated = function (req, res, next) {
if (req.isAuthenticated())
return next();
// if the user is not authenticated then redirect him to the login page
res.redirect('/vehicle/api/login');
}
Followed by a series of routes that handle logging in, logging out, as well as some actions on vehicle.
module.exports = function(passport) {
router.get('/api/login', function(req, res) {
res.render('vehicle/login', { message: req.flash('message') });
});
router.post('/api/login', passport.authenticate('login', {
successRedirect: '/vehicle/api/list/mine',
failureRedirect: '/vehicle/api/list',
failureFlash : true
}));
...
...
...
router.post('/api/upload', isAuthenticated, function(req, res) {
//this route needs to be authenticated, so it works fine,
//deserialization done, mongoose lookup, no problem
});
router.get('/api/image/:vehicleId/:filename', function(req,res) {
//this route does not need authentication, but causes User
//de-serialization and Mongoose lookup
});
return router;
}
Is it because of the following line that every request to vehicle.js causes User de-serialization when a user is logged in?
var vehicle = require('./routes/vehicle')(passport);
One way to avoid such unnecessary de-serialization would be to separate routes that do not need authentication from vehicle.js to a different file and do not pass that passport object to that file (as it is passed to vehicle.js in app.js). I don't know if that is the correct way to resolve this issue.
You can wrap the passport middleware inside a custom middleware that only invokes it for your specified routes. So Instead of:
app.use(passport.session());
you could:
app.use(function(req, res, next){
if(req.url.match('api/image'))
next(); // do not invoke passport
else
passport.session()(req, res, next)
// same as doing == app.use(passport.session())
});
If you use passport.session() middleware, deserialize will happen for every route:
https://github.com/jaredhanson/passport/blob/33075756a626999c6e2efc872b055e45ae434053/lib/strategies/session.js#L53-L69
The solution would be to add it only to ones which use passport.