Make Private Forum

aaron

Hello,

I would like to do two things.

1. Whenever someone who is not logged in visits any page, I want to redirect them to the login page (or preferably to a login/register page but I don't think that exists).

2. I would like to make categories invisible to anyone who doesn't have access to them.

Thanks in advance for your help!
Aaron

baris

https://github.com/designcreateplay/NodeBB/issues/743

bdharrington7 created this issue in designcreateplay/NodeBB

closed Disable viewing forum content unless logged in #743

aaron

Thanks @baris. I appreciate that you guys are planning to include that feature in the next release. But it's really important that I figure out a temporary solution in the next week. Can you explain how I could tweak the code to this effect:

Upon request to visit any page except /login or /register:
If user is logged in:
send them to the page normally
If user is not logged in:
redirect to /login

Thanks a lot!
Aaron

PS It would be great if posts could preserve spaces. It's hard to write pseudocode, for example, without spaces.

julian

@aaron backticks for inline code like this, four space indent for block code

like this

baris

@aaron Give this a shot, warning it is hacky. Add the following snippet after this line : https://github.com/designcreateplay/NodeBB/blob/master/src/webserver.js#L431

function loggedIn(req, res, next) {
	if(req.user && parseInt(req.user.uid, 10)) {
		return next();
	}

	var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
	if(req.params && allowed.indexOf(req.params.route) !== -1) {
		return next();
	}
			
	res.status('403');
	res.redirect('/403');
}

app.all('/api/:route', loggedIn);
app.get('/', loggedIn);

I couldn't manage to redirect to the '/login' page for some reason. Maybe someone else has a better way to do it. This will redirect to 403.

aaron

Thanks a lot @baris! I'll try it out when I fix the random bug that just cropped up. It would be great if I could redirect to an arbitrary page though as I'd ultimately like to write my own welcome page and redirect there.

aaron

Hi @baris, @julian, I got everything working again and gave your solution a try. It succeeded in preventing non-logged in visitors from visiting the home page. But if someone had a direct link to a category page they could still go there. Any other ideas? I'd really like to redirect to a custom welcome page or at least the registration page if possible and it's important that every request (except those to /login or /register gets routed there if the user isn't logged in). I really appreciate your help! You've built a great piece of software.

Best,
Aaron

baris

Try changing app.all('/api/:route', loggedIn); to app.all('/api/:route/*?', loggedIn);

aaron

Perfect, thanks!

Do you also know how I could do one of these three things?:

1. Redirect to /register
2. Redirect to a custom page I could base off a template page which I could find...where?
3. Customize the /403 page

Thanks again @baris!

baris

https://github.com/designcreateplay/NodeBB/blob/master/public/src/templates.js#L206

You can change that line to return ajaxify.go('/register'); then all forbidden pages will redirect to register. You can then change the register.tpl file.

aaron

Hi, thanks again @baris.

I just tried: return ajaxify.go('/register'); It didn't seem to work unfortunately.

Additionally, I now realize that the fix I said worked has a problem. While it redirects you to /403 if you type the home address into the browser, the links in the top left (home, recent, users) still work. Any idea how to solve this problem?

Thanks,
Aaron

baris

Try :

function loggedIn(req, res, next) {
    if(req.user && parseInt(req.user.uid, 10)) {
        return next();
    }

    var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
    if(req.params && allowed.indexOf(req.params.route) !== -1) {
        return next();
    }

    res.status('403');
    res.redirect('/403');
}
app.all('/api/:route/*?', loggedIn);
app.all('/api/:route', loggedIn);
app.get('/', loggedIn);

and

return ajaxify('register') in the template file. That works for me.

aaron

Hmmm...now if I click on those links, all but the header disappears. For example, if I click the users icon, the address changes to /users, but the screen goes blank except for the header.

Is it possible my problems have to do with my Redis store? I'm getting this readout from the terminal where I launched the redis server:

[17580] 04 Feb 17:14:56.496 # Server started, Redis version 2.8.4
[17580] 04 Feb 17:14:56.497 * DB loaded from disk: 0.002 seconds
[17580] 04 Feb 17:14:56.497 * The server is now ready to accept connections on port 6379
[17580] 04 Feb 17:15:57.017 * 10 changes in 60 seconds. Saving...
[17580] 04 Feb 17:15:57.018 * Background saving started by pid 17592
[17592] 04 Feb 17:15:57.018 # Failed opening .rdb for saving: Permission denied
[17580] 04 Feb 17:15:57.118 # Background saving error
[17580] 04 Feb 17:16:03.052 * 10 changes in 60 seconds. Saving...
[17580] 04 Feb 17:16:03.052 * Background saving started by pid 17596
[17596] 04 Feb 17:16:03.053 # Failed opening .rdb for saving: Permission denied
[17580] 04 Feb 17:16:03.153 # Background saving error

aaron

This post is deleted!

baris

Make sure your browser cache is disabled when you are testing this. return ajaxify('register'); works fine for me but I got the same result you described when I tried return ajaxify('/register');.

About your redis issue looks like the user redis running under doesn't have permission to write to that location.

aaron

Thanks. That's what I figured, so I went to the directory with dump.rdb and did sudo chmod 777 dump.rdb and this is the output of ls -l:
total 16
-rwxrwxrwx 1 root wheel 5654 Jan 30 20:26 dump.rdb

Also, I definitely did register, not /register. So not sure what the problem is there.

I appreciate your taking the time to help me out with this!

baris

function loggedIn(req, res, next) {
    if(req.user && parseInt(req.user.uid, 10)) {
        return next();
    }

    var allowed = ['config', 'get_templates_listing', '403', 'login', 'register'];
    if(req.params && allowed.indexOf(req.params.route) !== -1) {
        return next();
    }

    res.status('403');
    res.redirect('/403');
}
app.all('/api/:route/*?', loggedIn);
app.all('/api/:route', loggedIn);

Looks like you don't need the last route. With the above code and the return ajaxify('register'); in templates.js it redirects to register for me. Let me know if it doesn't work.

aaron

It doesn't work for me. I put that block of code indented after the line:
app.namespace(nconf.get('relative_path'), function () {

I think this might be another caching issue, but it keeps forgetting who I am and I keep having to call flushall on the database and doing node app --setup again to be able to log in and test it.

aaron

This post is deleted!

baris

I'm not sure why you are getting that permission error. @julian might have a better idea.