Add middleware to prevent unauthorised user from accessing private pages

2026-01-01 15:59:25 +00:00 · 2022-02-21 22:45:38 +00:00
parent 8a783fe35c
commit ced35b41ca
1 changed files with 21 additions and 0 deletions
--- a/app.js
+++ b/app.js
@@ -82,6 +82,27 @@ async function main() {
 		}
 	}));

+	// Authentication middleware that redirects unauthenticated users
+	// back to the login page if they request a page they don't have access
+	// to
+	app.use((req, res, next) => {
+		const allowed = [
+			'/login',
+			'/register',
+			'/password-reset',
+			'/change-password',
+			'/'
+		];
+
+		// Extract the first component of the path from the request
+		const path = `/${req.path.split('/')?.[1] ?? ''}`;
+
+		if (!(allowed.includes(path) || req.session.authenticated))
+			return res.redirect('/login');
+
+		next();
+	});
+
 	app.get('*', (req, res, next) => {
 		req.app.locals.layout = 'main';
 		next();