Make Private Forum



  • Hello,

    I would like to do two things.

    1. Whenever someone who is not logged in visits any page, I want to redirect them to the login page (or preferably to a login/register page but I don't think that exists).

    2. I would like to make categories invisible to anyone who doesn't have access to them.

    Thanks in advance for your help!
    Aaron





  • Thanks @baris. I appreciate that you guys are planning to include that feature in the next release. But it's really important that I figure out a temporary solution in the next week. Can you explain how I could tweak the code to this effect:

    Upon request to visit any page except /login or /register:
    If user is logged in:
    send them to the page normally
    If user is not logged in:
    redirect to /login

    Thanks a lot!
    Aaron

    PS It would be great if posts could preserve spaces. It's hard to write pseudocode, for example, without spaces.


  • GNU/Linux Admin

    @aaron backticks for inline code like this, four space indent for block code

    like this


  • @aaron Give this a shot, warning it is hacky. Add the following snippet after this line : https://github.com/designcreateplay/NodeBB/blob/master/src/webserver.js#L431

    function loggedIn(req, res, next) {
    	if(req.user && parseInt(req.user.uid, 10)) {
    		return next();
    	}
    
    	var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
    	if(req.params && allowed.indexOf(req.params.route) !== -1) {
    		return next();
    	}
    			
    	res.status('403');
    	res.redirect('/403');
    }
    
    app.all('/api/:route', loggedIn);
    app.get('/', loggedIn);
    

    I couldn't manage to redirect to the '/login' page for some reason. Maybe someone else has a better way to do it. This will redirect to 403.



  • Thanks a lot @baris! I'll try it out when I fix the random bug that just cropped up. It would be great if I could redirect to an arbitrary page though as I'd ultimately like to write my own welcome page and redirect there.



  • Hi @baris, @julian, I got everything working again and gave your solution a try. It succeeded in preventing non-logged in visitors from visiting the home page. But if someone had a direct link to a category page they could still go there. Any other ideas? I'd really like to redirect to a custom welcome page or at least the registration page if possible and it's important that every request (except those to /login or /register gets routed there if the user isn't logged in). I really appreciate your help! You've built a great piece of software.

    Best,
    Aaron



  • Try changing app.all('/api/:route', loggedIn); to app.all('/api/:route/*?', loggedIn);



  • Perfect, thanks!

    Do you also know how I could do one of these three things?:

    1. Redirect to /register
    2. Redirect to a custom page I could base off a template page which I could find...where?
    3. Customize the /403 page

    Thanks again @baris!



  • https://github.com/designcreateplay/NodeBB/blob/master/public/src/templates.js#L206

    You can change that line to return ajaxify.go('/register'); then all forbidden pages will redirect to register. You can then change the register.tpl file.



  • Hi, thanks again @baris.

    I just tried: return ajaxify.go('/register'); It didn't seem to work unfortunately.

    Additionally, I now realize that the fix I said worked has a problem. While it redirects you to /403 if you type the home address into the browser, the links in the top left (home, recent, users) still work. Any idea how to solve this problem?

    Thanks,
    Aaron



  • Try :

    function loggedIn(req, res, next) {
        if(req.user && parseInt(req.user.uid, 10)) {
            return next();
        }
    
        var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
        if(req.params && allowed.indexOf(req.params.route) !== -1) {
            return next();
        }
    
        res.status('403');
        res.redirect('/403');
    }
    app.all('/api/:route/*?', loggedIn);
    app.all('/api/:route', loggedIn);
    app.get('/', loggedIn);
    

    and

    return ajaxify('register') in the template file. That works for me.



  • Hmmm...now if I click on those links, all but the header disappears. For example, if I click the users icon, the address changes to /users, but the screen goes blank except for the header.

    Is it possible my problems have to do with my Redis store? I'm getting this readout from the terminal where I launched the redis server:

    [17580] 04 Feb 17:14:56.496 # Server started, Redis version 2.8.4
    [17580] 04 Feb 17:14:56.497 * DB loaded from disk: 0.002 seconds
    [17580] 04 Feb 17:14:56.497 * The server is now ready to accept connections on port 6379
    [17580] 04 Feb 17:15:57.017 * 10 changes in 60 seconds. Saving...
    [17580] 04 Feb 17:15:57.018 * Background saving started by pid 17592
    [17592] 04 Feb 17:15:57.018 # Failed opening .rdb for saving: Permission denied
    [17580] 04 Feb 17:15:57.118 # Background saving error
    [17580] 04 Feb 17:16:03.052 * 10 changes in 60 seconds. Saving...
    [17580] 04 Feb 17:16:03.052 * Background saving started by pid 17596
    [17596] 04 Feb 17:16:03.053 # Failed opening .rdb for saving: Permission denied
    [17580] 04 Feb 17:16:03.153 # Background saving error
    


  • This post is deleted!


  • Make sure your browser cache is disabled when you are testing this. return ajaxify('register'); works fine for me but I got the same result you described when I tried return ajaxify('/register');.

    About your redis issue looks like the user redis running under doesn't have permission to write to that location.



  • Thanks. That's what I figured, so I went to the directory with dump.rdb and did sudo chmod 777 dump.rdb and this is the output of ls -l:
    total 16
    -rwxrwxrwx 1 root wheel 5654 Jan 30 20:26 dump.rdb

    Also, I definitely did register, not /register. So not sure what the problem is there.

    I appreciate your taking the time to help me out with this!



  • function loggedIn(req, res, next) {
        if(req.user && parseInt(req.user.uid, 10)) {
            return next();
        }
    
        var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
        if(req.params && allowed.indexOf(req.params.route) !== -1) {
            return next();
        }
    
        res.status('403');
        res.redirect('/403');
    }
    app.all('/api/:route/*?', loggedIn);
    app.all('/api/:route', loggedIn);
    

    Looks like you don't need the last route. With the above code and the return ajaxify('register'); in templates.js it redirects to register for me. Let me know if it doesn't work.



  • It doesn't work for me. I put that block of code indented after the line:
    app.namespace(nconf.get('relative_path'), function () {

    I think this might be another caching issue, but it keeps forgetting who I am and I keep having to call flushall on the database and doing node app --setup again to be able to log in and test it.



  • This post is deleted!


  • I'm not sure why you are getting that permission error. @julian might have a better idea.


Log in to reply
 

Suggested Topics

| |