for is synchronous, so you will need to require the async library. That library has an async.each() function which is an asynchronous version of forEach.
You will want to read up on it here.
https://github.com/caolan/async#each
Hello,
I would like to create a private forum using NodeBB but it seems that there is no real complete option or plugin to achieve this.
My idea is to add a new route that will be used before all. It will check if the user is connected (using the cookie).
If not : the request is blocked and redirected to /login
, if yes, the request is allowed.
Workflow:
/login
(Only /login
and /register
are allowed)Can a NodeBB developper help me to:
Thanks a lot!
You don't want to add a new route. What you want is to add a new middleware that applies to all routes except those related to login and register.
This is possible with a plugin, and should be fairly simple, just adding the middleware in static:app.load
handler.
@PitaJ said in Private forum plugin:
What you want is to add a new middleware that applies to all routes except those related to login and register.
Yes, you are totally right.
Do you have in mind a plugin that add a middleware in static:app.load
handler?
It will be faster to clone and edit it
I will take a look at the documentation.
I believe the quickstart example plugin has it. But it doesn't add a middleware. You'll want to look into the express documentation for that.
Hang on... you just want to redirect users to log in or register, right?
Why don't you just restrict category permissions to registered-users only? Then you can use some client-side logic in the custom JS to send users to /login
or /register
if app.user.uid
is 0.
@PitaJ I think I begin to understand the concept.
Using the following plugin.json my script can use the express object to intercept each requests?
{
"id": "nodebb-plugin-private-forum",
"url": "httls://github.com/..../.......",
"library": "./private-forum.js",
"hooks": [
{ "hook": "static:app.load", "method": "init" }
]
}
I am not sure about the hook configuration.
This is the kind of code I would like to use in my plugin:
app.use(function(req, res, next) {
if (req.session.user == undefined) {
return res.render('/login');
}
else {
next();
}
});
@julian I tried this already.
But this is not secure, as the API can still be requested manually (for example user pages are public).
Using a middleware I can filter all requests and only serve the login or register page.
Front code is not secure because the user can remove it.
@flex you're on the right track with what you have there. Try it out!
You'll probably want to redirect instead. Here's a helpful handler to assist:
https://github.com/NodeBB/NodeBB/blob/master/src/controllers/helpers.js#L107
Hello guys,
I am starting to develop the plugin, but I did not understand how to add my code as a middleware and use the req
object.
For now it is not working because I don't know how to get the req
object (undefinied).
Here's my plugin:
'use strict';
const plugin = {};
var winston = module.parent.require('winston');
const helpers = require.main.require('./src/controllers/helpers');
plugin.init = function (params, callback) {
const { app, middleware, router } = params;
var allowedPages=["/login", "/register", "/reset"];
console.log("==================================");
console.log(" Plugin Private Forum Initialized ");
console.log("==================================");
if (allowedPages.indexOf(req.url) < 0) {
helpers.notAllowed(req, res, next);
} else {
console.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged");
winston.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged");
next();
}
};
module.exports = plugin;
You can see it here: https://github.com/LM1LC3N7/nodebb-plugin-private-forum/blob/master/library.js
Of course there are errors:
2020-06-03T15:55:06.696Z [4567/1731] - verbose: [plugins/fireHook] static:app.load
==================================
Plugin Private Forum Initialized
==================================
2020-06-03T15:55:06.733Z [4567/1731] - error: [plugins] Error executing 'static:app.load' in plugin 'nodebb-plugin-private-forum'
2020-06-03T15:55:06.734Z [4567/1731] - error: ReferenceError: req is not defined
at Object.plugin.init [as method] (/etc/nodebb/nodebb-plugin-private-forum/library.js:16:27)
at /nodebb/src/plugins/hooks.js:176:30
at /nodebb/node_modules/async/dist/async.js:2154:44
at eachOfArrayLike (/nodebb/node_modules/async/dist/async.js:500:13)
at eachOf (/nodebb/node_modules/async/dist/async.js:551:16)
at awaitable (/nodebb/node_modules/async/dist/async.js:208:32)
at Object.eachLimit (/nodebb/node_modules/async/dist/async.js:2216:16)
at /nodebb/node_modules/async/dist/async.js:216:25
at new Promise (<anonymous>)
at Object.awaitable (/nodebb/node_modules/async/dist/async.js:211:20)
You need to wrap the middleware in a function and apply that function with app.use
@PitaJ thanks!
Do you know if there is an helper to check if the user is connected?
@flex what do you mean by connected? You can check if a user is logged in by checking if req.uid
is greater than (not equal to) 0.
Thank you again, now it seems to work well!
Can you review the code and maybe test the module?
I would like to be sure that I have not forgot something.
The plugin is now live on npm and should be automatically updated when I create a new release version on GitHub.
Do you know why there is still this message?
"nbbpm": {
"compatibility": "^1.11.2"
}
@julian ok, I was thinking that the nbbpm
was here for that!
Thank you for your answer!