Redirect to login
-
I think it's better if you don't use filter:middleware.render. Since that is called all the way at the end of the request. In your plugin you can add a handler before everything else and redirect if user isn't allowed. Something like below.
plugin.init = async (params) => { params.router.use(function (req, res, next) { if (req.loggedIn || allowedUrls(req.url)) { return next(); } return Helpers.redirect(res, '/login');); };
Let me know if this works.
-
Though this works, it also redirects every call for assets (images, stylesheets etc). So I get a site without CSS.
Maybe another hook is more appropriate?
I also have another function that redirects to the profile page if some information is not properly filled in.
So the overarching question is not to lock people out, it's more about how to divert a user based on some conditions. For instance, we have to require the users full name, so if it's not filled out, they get redirected to their profile edit page and asked to fill it in.
EDIT: I forgot to tag you @baris.
-
Seems like reverting to callbacks resolves it. I really wanted this to work with async/await, since callbacks will sooner or later be phased out I guess.
library.checkLoginStatus = (data, callback) => { if (data.req.loggedIn || allowedUrls(data.req.url) ) { callback(null, data); } else { Helpers.redirect(data.res, '/login'); } };
-
I also tried to use the helper function notAllowed, but I get the same result. Redirects to
/login
but get errors in the log that data is undefined and there is nocatch()
.library.checkLoginStatus = async (data) => { if (data.req.loggedIn || allowedUrls(data.req.url) ) { return data; } return Helpers.notAllowed(data.req, data.res); };
-
Hello @baris and @magnusvhendin
I would like to update my module nodebb-plugin-private-forum that should do exactly what you are trying to archive.
But it seems it is not working well with v1.16.2 and I need some help on the Hook declaration.I understand that I need to use
response:router.page
, but how exactly?
Is this ok for you?plugin.json
{ "id": "nodebb-plugin-private-forum", "url": "https://github.com/LM1LC3N7/nodebb-plugin-private-forum", "library": "./library.js", "hooks": [{ "hook": "response:router.page", "method": "init" }] }
library.json
'use strict'; const plugin = {}; var winston = module.parent.require('winston'); const helpers = require.main.require('./src/controllers/helpers'); plugin.init = async (data) => { const allowedPages = /\/(assets\/|login|register|reset|plugins\/).*|.*(.css|.js)$/; winston.verbose("[plugin-nodebb-private-forum] Checking URL ("+ req.url +"), redirection."); # Allow only few pages or logged in users if (data.req.loggedIn || allowedPages.test(req.url)) { return data; } # else redirect to /login. winston.verbose("[plugin-nodebb-private-forum] User is NOT logged or URL is NOT allowed."); return Helpers.notAllowed(data.req, data.res); }; module.exports = plugin;
I can't see any of the debug log messages containing accessed URL
-
@baris I'm also trying this and it works with SSO also. However now I can't logout and use /login?local=1 to log the admin account as above method force only use /login and it use the sso. Any clue, hint to avoid this?
I use the code in here
https://github.com/LM1LC3N7/nodebb-plugin-private-forum/blob/master/library.js -
Hello @jalathpc_demo
I tried to create a patch:
https://github.com/LM1LC3N7/nodebb-plugin-private-forum/releases/tag/v1.3.1I no longer have a NodeBB instance, so let me know if it works (I am honestly not sure, as
/logout
should be allowed as you are logged in.It would be interesting to check if
req.loggedIn
is correctly set when using SSO. This could be why the plugin is not working as you need.NPM link: https://www.npmjs.com/package/nodebb-plugin-private-forum/v/1.3.1