Route Securing Node.JS

SavDevv · January 8, 2024, 11:00pm

Hey there I am attempting to lock down the route /dashboard however when I route it I am not stopped. Any idea on what I’m doing wrong here? Using Node.JS

const express = require('express');

const { auth } = require('express-openid-connect');

const path = require('path');

const { requiresAuth } = require('express-openid-connect');

const app = express();

const config = {

authRequired: false,

auth0Logout: true,

// hidden

};

// auth router attaches /login, /logout, and /callback routes to the baseURL

app.use(auth(config));

// Serve static files under '/FrontEnd' with authentication

app.use('/FrontEnd', requiresAuth(), express.static(path.join(__dirname, '../../FrontEnd')));

// Define routes

app.get('/', (req, res) => {

res.sendFile(path.join(__dirname, '../../FrontEnd/html/index.html'));

});

app.get('/dashboard', requiresAuth(), (req, res) => {

res.sendFile(path.join(__dirname, '../../FrontEnd/html/home.html'));

});

tyf · January 9, 2024, 12:41am

Hey @SavDevv welcome to the community!

Hmm I’m not seeing anything in the code shared that stands out Is there any other middleware involved or perhaps something in config that could be causing issues?

If you haven’t already, I definitely recommend pulling down the sample app in order to compare and contrast. I just did some quick testing with the sample app and am unable to reproduce the behavior you’re seeing.

SavDevv · January 9, 2024, 5:59pm

Hey there!
I’ve tested against the sample app however nothing is showing up that causes any errors. It just sends me to that restricted page.

const express = require('express');
const { auth } = require('express-openid-connect');
const path = require('path');
const { requiresAuth } = require('express-openid-connect');

const app = express();

const config = {
  authRequired: false,
  auth0Logout: true,
  baseURL: 'http://localhost:3000',
};

// auth router attaches /login, /logout, and /callback routes to the baseURL
app.use(auth(config));

app.use(function (req, res, next) {
  res.locals.user = req.oidc.user;
  next();
});

// Serve static files under '/FrontEnd' with authentication
app.use('/FrontEnd', requiresAuth(), express.static(path.join(__dirname, '../../FrontEnd')));

// Define routes
app.get('/', (req, res) => {
  res.sendFile(path.join(__dirname, '../../FrontEnd/html/index.html'));
});

app.get('/dashboard',requiresAuth(), function (req, res, next) {
  res.sendFile(path.join(__dirname, '../../FrontEnd/html/home.html'),{
    userProfile: JSON.stringify(req.oidc.user, null, 2),
    title: 'Profile page'
  });
});

const port = 3000;
app.listen(port, () => {
  console.log(`Server running at http://localhost:${port}/`);
});

SavDevv · January 10, 2024, 1:00pm

On further investigation this functions:

app.get('/dashboard',requiresAuth(), function (req, res, next) {
  res.sendFile(path.join(__dirname, '../../FrontEnd/html/home.html'), {
    userProfile: JSON.stringify(req.oidc?.user, null, 2),
    title: 'Profile page'
  });
});

However when attempting to log in it wont let me access the route.

tyf · January 31, 2024, 1:02am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.