• Swedes

    I have been having some issues since NodeBB went all in on async/await. I have a private forum so I need to redirect to /login if the visitor isn't logged in.

    What worked before was a library function listening to filter:middleware.render, and then:

    library.checkLoginStatus = async (data) => {
    
    	if (data.req.loggedIn ||
    			allowedUrls(data.req.url)
    	) {
    		return data;
    	}
    	return Helpers.redirect(data.res, '/login');
    };
    

    allowedUrls is a function that just checks the requested url against a list of allowed ones (like /login, /email/unsubscribe and /register).

    Everything worked great but now I'm upgraded to 1.16.x.

    The issue I'm having is that there are other functions that tails this one listening to the same hook. So my question is if I can interrupt that flow somehow on redirect. Or maybe there's an even better solution, but it needs to be forum wide. The tailing functions get undefined passed in so everything breaks. The weird thing is that everything seems to work, and it semi silently drops the error. But I don't want a bunch of error logs cluttering things up.

    I know NodeBB is meant to be open and all, but in this case I need to lock it down until someone has registered. I built this functionality when on 1.12 I think so something else might be a better option.

    I'm turning to you community.

  • NodeBB

    Maybe 'response:router.page' is better then, it won't call next if you already do a redirect in it.

    https://github.com/NodeBB/NodeBB/blob/master/src/middleware/index.js#L94-L101

  • NodeBB

    I think it's better if you don't use filter:middleware.render. Since that is called all the way at the end of the request. In your plugin you can add a handler before everything else and redirect if user isn't allowed. Something like below.

    plugin.init = async (params) => {
       params.router.use(function (req, res, next) {
          if (req.loggedIn || allowedUrls(req.url)) {
             return next();
          }
          
          return Helpers.redirect(res, '/login'););
    };
    

    Let me know if this works.

  • Swedes

    Though this works, it also redirects every call for assets (images, stylesheets etc). So I get a site without CSS. 😄

    Maybe another hook is more appropriate?

    I also have another function that redirects to the profile page if some information is not properly filled in.

    So the overarching question is not to lock people out, it's more about how to divert a user based on some conditions. For instance, we have to require the users full name, so if it's not filled out, they get redirected to their profile edit page and asked to fill it in.

    EDIT: I forgot to tag you @baris.

  • Swedes

    Seems like reverting to callbacks resolves it. I really wanted this to work with async/await, since callbacks will sooner or later be phased out I guess.

    library.checkLoginStatus = (data, callback) => {
    	if (data.req.loggedIn ||
    		allowedUrls(data.req.url)
    	) {
    		callback(null, data);
    	} else {
    		Helpers.redirect(data.res, '/login');
    	}
    };
    
  • Swedes

    I also tried to use the helper function notAllowed, but I get the same result. Redirects to /login but get errors in the log that data is undefined and there is no catch().

    library.checkLoginStatus = async (data) => {
    	if (data.req.loggedIn ||
    		allowedUrls(data.req.url)
    	) {
    		return data;
    	}
    	return Helpers.notAllowed(data.req, data.res);
    };
    
  • NodeBB

    Maybe 'response:router.page' is better then, it won't call next if you already do a redirect in it.

    https://github.com/NodeBB/NodeBB/blob/master/src/middleware/index.js#L94-L101

  • Swedes

    @baris That's it. Worked like a charm. Thanks!

Suggested Topics

| |