"How to Build a WordPress Theme" was retired on January 1, 2015. You are now viewing the recommended replacement.
Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Well done!
You have completed User Authentication With Express and Mongo!
You have completed User Authentication With Express and Mongo!
Preview
Add a simple piece of middleware to password protect any page on a site.
The requiresLogin( ) middleware function
function requiresLogin(req, res, next) {
if (req.session && req.session.userId) {
return next();
} else {
var err = new Error('You must be logged in to view this page.');
err.status = 401;
return next(err);
}
}
Using the middleware in a route
router.get('/secret', mid.requiresLogin, function(req, res, next) {
return res.render('secret', { title: 'Top secret. Stay out!' });
});
Resources
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
I've already taught you the basics
of creating middleware.
0:00
So I'll go pretty quickly in this video.
0:02
Remember, we created an index.js
file in the middleware directory.
0:05
I'll add a new function
called requiresLogin here.
0:09
I'll use a conditional statement
to check for a session and
0:20
a userId on that session.
0:25
And if they're both there,
then the user is logged in.
0:28
I'll exit the function by calling
the next piece of middleware.
0:31
If they aren't logged in,
we'll create an error that lets
0:35
the user know that they must be
logged in to view this page.
0:40
We'll provide a 401 status,
meaning unauthorized, and
0:48
we will return this to
the error handling middleware.
0:52
And finally.
0:56
I'll export this function.
1:00
I'll make sure to save it.
1:07
And now we can add this
middleware to any of our routes.
1:10
Let me show you how this new piece of
middleware makes it easy to password
1:12
protect any route in your application.
1:16
Just for fun,
I'll password protect the about page.
1:18
If I go to the index.js file
in the Routes directory,
1:22
I only need to add Mid.requiresLogin
to the about route.
1:26
This will call this piece of
middleware any time someone visits that
1:32
particular route.
1:36
Remember in the last video we already
required the middleware file.
1:38
So the new requiresLogin method
is immediately available to us.
1:43
Let me check this out.
1:47
I'll save this file and
open my browser and
1:48
make sure I'm logged out and
then I'll click on the About link.
1:51
Hey, access denied.
1:56
That's what we're after.
1:57
I'll login and see what happens.
1:59
There is the page, I have access.
2:03
Okay, that's pretty silly, anyone
should be able to see the About page.
2:05
Let's go back to our route,
and delete that code.
2:09
Instead let's add this
to the profile route.
2:14
Check out this bit of code here.
2:21
It's basically the same as
our new piece of middleware,
2:24
no user ID on the session object
means you're not authorized.
2:27
However we don't need it.
2:31
We can delete it and replace it
with our new middleware function.
2:32
Thanks to this little bit of middleware
programming it's really easy to lock down
2:39
any routes that require authentication.
2:43
Simply add the requires login function to
that route and it's password protected.
2:46
Let me show you in the web browser.
2:50
If I log out my profile's off limits.
2:53
I log in and there's my profile.
2:57
This middleware makes the code for
our route simpler and
3:01
moves functionality that's shared between
routes into a separate file and function.
3:03
This is really useful and
3:08
a great example of don't repeat
yourself or DRY programming.
3:09
Now we're almost done with this course but
before we finish let me show you a simple
3:14
way to add a production ready method for
storing session data.
3:18
It's a method that won't bring your
site down when thousands of users
3:22
log in simultaneously.
3:25
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up