No quiero iniciar sesión en /dashboard
sin iniciar sesión, asigné el ID de usuario a la sesión diciendo req.session.userID
. Luego verifiqué esta información de "ID de usuario" a través de middleware, pero puedo acceder a /dashboard
aunque no haya iniciado sesión
server.js
const express=require('express') const session = require('express-session') const flash = require('express-flash') const cookieParser = require('cookie-parser') const cors=require('cors') const MongoDBStore = require('connect-mongodb-session')(session); const authRoutes=require('./routes/authRoutes') const authMiddleware=require('./middlewares/authMiddleware') const app=express() const adminController=require('./controllers/adminController') require('./db') require('dotenv').config() app.set('view engine', 'ejs'); app.use(cors()); app.use(express.urlencoded({extended: true})) app.use(express.json()) app.use(cookieParser()) app.use(require('express-session')({ secret: 'secret', resave: false, saveUninitialized: true, httpOnly: true, store:new MongoDBStore({ uri:process.env.MONGO_URI, collection:'sessions' }) })) app.use('/admin',express.static('public/admin')) app.use('/',express.static('public')) app.use('/admin',authRoutes)
route
router.route('/dashboard',authMiddleware.isAuthentication,(req,res)=>{ res.render('admin/pages/dashboard') }) router.route('/login') .post(async (req,res)=>{ try { const { email, password } = req.body; const user=await AdminModel.findOne({ email }); if (user) { bcrypt.compare(password, user.password, (err, same) => { if (same) { // USER SESSION req.session.userID=user._id return res.status(200).redirect('/admin'); }else{ res.redirect('/admin/login') } }); } } catch (error) { return res.status(400).json({ status: 'fail', error, }); } })
auth Middleware
const isAuthentication = (req, res, next) => { if (!req.session.userID) { return res.redirect("/admin/login"); } else { return next(); } }; module.exports = { isAuthentication, };