Add a simple piece of middleware to password protect any page on a site.
The requiresLogin() middleware function

    function requiresLogin(req, res, next) {
      // A session with a userId on it means the user is logged in.
      if (req.session && req.session.userId) {
        return next();
      } else {
        // Not logged in: pass a 401 error to the error-handling middleware.
        var err = new Error('You must be logged in to view this page.');
        err.status = 401;
        return next(err);
      }
    }

Using the middleware in a route

    // mid is the middleware module required in the routes file.
    router.get('/secret', mid.requiresLogin, function(req, res, next) {
      return res.render('secret', { title: 'Top secret. Stay out!' });
    });
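The following is an added example, not code from the course: it runs the requiresLogin() middleware above in plain Node.js to show that a request without a userId on its session never reaches the route handler. The dispatch(), secretRoute(), errorHandler() and visit() helpers and the sample requests are hypothetical, constructed for this demonstration; dispatch() only imitates how Express hands next(err) to error-handling middleware.

```javascript
// Added example. dispatch() is a hypothetical stand-in for Express's chain.
function requiresLogin(req, res, next) {
  if (req.session && req.session.userId) {
    return next();
  }
  var err = new Error('You must be logged in to view this page.');
  err.status = 401;
  return next(err);
}

// Run handlers in order; next(err) skips the remaining handlers and goes
// straight to the error handler, as Express does.
function dispatch(req, handlers, errorHandler) {
  var res = { status: 200, body: null };
  var i = 0;
  function next(err) {
    if (err) { return errorHandler(err, req, res); }
    var handler = handlers[i++];
    if (handler) { handler(req, res, next); }
  }
  next();
  return res;
}

function secretRoute(req, res, next) {
  res.body = 'Top secret. Stay out!';
}

function errorHandler(err, req, res) {
  res.status = err.status || 500;
  res.body = err.message;
}

// Constructed sample requests.
var requests = {
  noSession: {},
  emptySession: { session: {} },
  loggedIn: { session: { userId: '57a1c0ffee' } },
  zeroId: { session: { userId: 0 } } // falsy id: treated as logged out
};

function visit(name) {
  return dispatch(requests[name], [requiresLogin, secretRoute], errorHandler);
}

Object.keys(requests).forEach(function (name) {
  var res = visit(name);
  console.log(name, res.status, res.body);
});
```

The zeroId case shows that the check is a truthiness test: any falsy userId (0, an empty string) is rejected, so the middleware fails closed.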
I've already taught you the basics
of creating middleware.
0:00
So I'll go pretty quickly in this video.
0:02
Remember, we created an index.js
file in the middleware directory.
0:05
I'll add a new function
called requiresLogin here.
0:09
I'll use a conditional statement
to check for a session and
0:20
a userId on that session.
0:25
And if they're both there,
then the user is logged in.
0:28
I'll exit the function by calling
the next piece of middleware.
0:31
If they aren't logged in,
we'll create an error that lets
0:35
the user know that they must be
logged in to view this page.
0:40
We'll provide a 401 status,
meaning unauthorized, and
0:48
we will return this to
the error handling middleware.
0:52
And finally,
0:56
I'll export this function.
1:00
I'll make sure to save it.
1:07
And now we can add this
middleware to any of our routes.
1:10
Let me show you how this new piece of
middleware makes it easy to password
1:12
protect any route in your application.
1:16
Just for fun,
I'll password protect the about page.
1:18
If I go to the index.js file
in the Routes directory,
1:22
I only need to add mid.requiresLogin
to the about route.
1:26
This will call this piece of
middleware any time someone visits that
1:32
particular route.
1:36
Remember in the last video we already
required the middleware file.
1:38
So the new requiresLogin method
is immediately available to us.
1:43
Let me check this out.
1:47
I'll save this file and
open my browser and
1:48
make sure I'm logged out and
then I'll click on the About link.
1:51
Hey, access denied.
1:56
That's what we're after.
1:57
I'll log in and see what happens.
1:59
There is the page, I have access.
2:03
Okay, that's pretty silly, anyone
should be able to see the About page.
2:05
Let's go back to our route,
and delete that code.
2:09
Instead let's add this
to the profile route.
2:14
Check out this bit of code here.
2:21
It's basically the same as
our new piece of middleware,
2:24
no user ID on the session object
means you're not authorized.
2:27
However, we don't need it.
2:31
We can delete it and replace it
with our new middleware function.
2:32
Thanks to this little bit of middleware
programming, it's really easy to lock down
2:39
any routes that require authentication.
2:43
Simply add the requiresLogin function to
that route and it's password protected.
2:46
Let me show you in the web browser.
2:50
If I log out, my profile's off limits.
2:53
I log in and there's my profile.
2:57
This middleware makes the code for
our route simpler and
3:01
moves functionality that's shared between
routes into a separate file and function.
3:03
This is really useful and
3:08
a great example of don't repeat
yourself or DRY programming.
3:09
Now we're almost done with this course, but
before we finish let me show you a simple
3:14
way to add a production ready method for
storing session data.
3:18
It's a method that won't bring your
site down when thousands of users
3:22
log in simultaneously.
3:25