for is synchronous, so you will need to require the async library. That library has an async.each() function which is an asynchronous version of forEach.
You will want to read up on it here.
https://github.com/caolan/async#each
Private forum plugin
-
Hello,
I would like to create a private forum using NodeBB but it seems that there is no real complete option or plugin to achieve this.
My idea is to add a new route that will be used before all. It will check if the user is connected (using the cookie).
If not : the request is blocked and redirected to/login, if yes, the request is allowed.Workflow:
- A client send a request to NodeBB
- The request passes through this first route
- This route check if the user is logged in (based on its cookie)
if no, redirect it to /login(Only/loginand/registerare allowed)
if yes, the request is allowed
Can a NodeBB developper help me to:
- Confirm if it is possible to create a plugin that will add a new route at top level
- Where to add a route in order to be the first one called (I know Node.JS but not yet how to create a plugin for NodeBB).
Thanks a lot!
-
You don't want to add a new route. What you want is to add a new middleware that applies to all routes except those related to login and register.
This is possible with a plugin, and should be fairly simple, just adding the middleware in
static:app.loadhandler. -
@PitaJ said in Private forum plugin:
What you want is to add a new middleware that applies to all routes except those related to login and register.
Yes, you are totally right.
Do you have in mind a plugin that add a middleware in
static:app.loadhandler?
It will be faster to clone and edit it
I will take a look at the documentation.
-
I believe the quickstart example plugin has it. But it doesn't add a middleware. You'll want to look into the express documentation for that.
-
Hang on... you just want to redirect users to log in or register, right?
Why don't you just restrict category permissions to registered-users only? Then you can use some client-side logic in the custom JS to send users to
/loginor/registerifapp.user.uidis 0. -
@PitaJ I think I begin to understand the concept.
Using the following plugin.json my script can use the express object to intercept each requests?{ "id": "nodebb-plugin-private-forum", "url": "httls://github.com/..../.......", "library": "./private-forum.js", "hooks": [ { "hook": "static:app.load", "method": "init" } ] }I am not sure about the hook configuration.
This is the kind of code I would like to use in my plugin:
app.use(function(req, res, next) { if (req.session.user == undefined) { return res.render('/login'); } else { next(); } }); -
@julian I tried this already.
But this is not secure, as the API can still be requested manually (for example user pages are public).Using a middleware I can filter all requests and only serve the login or register page.
Front code is not secure because the user can remove it.
-
@flex you're on the right track with what you have there. Try it out!
You'll probably want to redirect instead. Here's a helpful handler to assist:
https://github.com/NodeBB/NodeBB/blob/master/src/controllers/helpers.js#L107
-
Hello guys,
I am starting to develop the plugin, but I did not understand how to add my code as a middleware and use the
reqobject.
For now it is not working because I don't know how to get thereqobject (undefinied).Here's my plugin:
'use strict'; const plugin = {}; var winston = module.parent.require('winston'); const helpers = require.main.require('./src/controllers/helpers'); plugin.init = function (params, callback) { const { app, middleware, router } = params; var allowedPages=["/login", "/register", "/reset"]; console.log("=================================="); console.log(" Plugin Private Forum Initialized "); console.log("=================================="); if (allowedPages.indexOf(req.url) < 0) { helpers.notAllowed(req, res, next); } else { console.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged"); winston.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged"); next(); } }; module.exports = plugin;You can see it here: https://github.com/LM1LC3N7/nodebb-plugin-private-forum/blob/master/library.js
Of course there are errors:
2020-06-03T15:55:06.696Z [4567/1731] - verbose: [plugins/fireHook] static:app.load ================================== Plugin Private Forum Initialized ================================== 2020-06-03T15:55:06.733Z [4567/1731] - error: [plugins] Error executing 'static:app.load' in plugin 'nodebb-plugin-private-forum' 2020-06-03T15:55:06.734Z [4567/1731] - error: ReferenceError: req is not defined at Object.plugin.init [as method] (/etc/nodebb/nodebb-plugin-private-forum/library.js:16:27) at /nodebb/src/plugins/hooks.js:176:30 at /nodebb/node_modules/async/dist/async.js:2154:44 at eachOfArrayLike (/nodebb/node_modules/async/dist/async.js:500:13) at eachOf (/nodebb/node_modules/async/dist/async.js:551:16) at awaitable (/nodebb/node_modules/async/dist/async.js:208:32) at Object.eachLimit (/nodebb/node_modules/async/dist/async.js:2216:16) at /nodebb/node_modules/async/dist/async.js:216:25 at new Promise (<anonymous>) at Object.awaitable (/nodebb/node_modules/async/dist/async.js:211:20) -
This post is deleted! -
-
You need to wrap the middleware in a function and apply that function with app.use
-
@PitaJ thanks!
Do you know if there is an helper to check if the user is connected?
-
@flex what do you mean by connected? You can check if a user is logged in by checking if
req.uidis greater than (not equal to) 0. -
Thank you again, now it seems to work well!
Can you review the code and maybe test the module?
I would like to be sure that I have not forgot something. -
The plugin is now live on npm and should be automatically updated when I create a new release version on GitHub.
-
Do you know why there is still this message?
package.json
"nbbpm": { "compatibility": "^1.11.2" } -
-
@julian ok, I was thinking that the
nbbpmwas here for that!
Thank you for your answer!