great @Ben-Lubar ! Thanks
The cron tab is for what exactly ?
great @Ben-Lubar ! Thanks
The cron tab is for what exactly ?
Thank you again, now it seems to work well!
Can you review the code and maybe test the module?
I would like to be sure that I have not forgot something.
@PitaJ said in Private forum plugin:
What you want is to add a new middleware that applies to all routes except those related to login and register.
Yes, you are totally right.
Do you have in mind a plugin that add a middleware in static:app.load
handler?
It will be faster to clone and edit it
I will take a look at the documentation.
@julian ok, I was thinking that the nbbpm
was here for that!
Thank you for your answer!
Do you know why there is still this message?
"nbbpm": {
"compatibility": "^1.11.2"
}
The plugin is now live on npm and should be automatically updated when I create a new release version on GitHub.
Thank you again, now it seems to work well!
Can you review the code and maybe test the module?
I would like to be sure that I have not forgot something.
@PitaJ thanks!
Do you know if there is an helper to check if the user is connected?
Hello guys,
I am starting to develop the plugin, but I did not understand how to add my code as a middleware and use the req
object.
For now it is not working because I don't know how to get the req
object (undefinied).
Here's my plugin:
'use strict';
const plugin = {};
var winston = module.parent.require('winston');
const helpers = require.main.require('./src/controllers/helpers');
plugin.init = function (params, callback) {
const { app, middleware, router } = params;
var allowedPages=["/login", "/register", "/reset"];
console.log("==================================");
console.log(" Plugin Private Forum Initialized ");
console.log("==================================");
if (allowedPages.indexOf(req.url) < 0) {
helpers.notAllowed(req, res, next);
} else {
console.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged");
winston.log("PLUGIN PRIVATE FORUM: req.url="+req.url+", user is logged");
next();
}
};
module.exports = plugin;
You can see it here: https://github.com/LM1LC3N7/nodebb-plugin-private-forum/blob/master/library.js
Of course there are errors:
2020-06-03T15:55:06.696Z [4567/1731] - verbose: [plugins/fireHook] static:app.load
==================================
Plugin Private Forum Initialized
==================================
2020-06-03T15:55:06.733Z [4567/1731] - error: [plugins] Error executing 'static:app.load' in plugin 'nodebb-plugin-private-forum'
2020-06-03T15:55:06.734Z [4567/1731] - error: ReferenceError: req is not defined
at Object.plugin.init [as method] (/etc/nodebb/nodebb-plugin-private-forum/library.js:16:27)
at /nodebb/src/plugins/hooks.js:176:30
at /nodebb/node_modules/async/dist/async.js:2154:44
at eachOfArrayLike (/nodebb/node_modules/async/dist/async.js:500:13)
at eachOf (/nodebb/node_modules/async/dist/async.js:551:16)
at awaitable (/nodebb/node_modules/async/dist/async.js:208:32)
at Object.eachLimit (/nodebb/node_modules/async/dist/async.js:2216:16)
at /nodebb/node_modules/async/dist/async.js:216:25
at new Promise (<anonymous>)
at Object.awaitable (/nodebb/node_modules/async/dist/async.js:211:20)
@julian I tried this already.
But this is not secure, as the API can still be requested manually (for example user pages are public).
Using a middleware I can filter all requests and only serve the login or register page.
Front code is not secure because the user can remove it.
@PitaJ I think I begin to understand the concept.
Using the following plugin.json my script can use the express object to intercept each requests?
{
"id": "nodebb-plugin-private-forum",
"url": "httls://github.com/..../.......",
"library": "./private-forum.js",
"hooks": [
{ "hook": "static:app.load", "method": "init" }
]
}
I am not sure about the hook configuration.
This is the kind of code I would like to use in my plugin:
app.use(function(req, res, next) {
if (req.session.user == undefined) {
return res.render('/login');
}
else {
next();
}
});
@PitaJ said in Private forum plugin:
What you want is to add a new middleware that applies to all routes except those related to login and register.
Yes, you are totally right.
Do you have in mind a plugin that add a middleware in static:app.load
handler?
It will be faster to clone and edit it
I will take a look at the documentation.