Reputation: 145
I have a route similar to this:
router.get("/users/:id/thing", middlewareObj.isLoggedIn, function(req, res){
    res.render("thing.ejs");
});
I want this route to only be accessible if the current user's id matches the ":id" in the route. How would I go about doing this? Much appreciated.
Upvotes: 1
Views: 559
Reputation: 5041
You can compare the logged-in user (I am assuming you have it in req.user [indeed you should check on Passport]) with the param ID:
// res.status() alone never sends a response, so use sendStatus() to end the request
if (req.user.id != req.params.id) return res.sendStatus(400);
You could remove the id from the URL and simply use the logged-in user's data, because if the URL id matches the user id, you have something redundant. So, with this:
router.get("/users/thing", middlewareObj.isLoggedIn, function(req, res){
    let id = req.user.id;
    // Do something with the ID (presumably you do, otherwise why want the ID in the first place)
    // ...
    // Return the view
    res.render("thing.ejs");
});
Upvotes: 1
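The ownership check discussed above, written as a reusable middleware. This is an added example, not code from the question or the answer. The names `requireSelf` and `runCheck` are hypothetical, the mock `req`/`res` objects are constructed stand-ins for Express's, and the 401/403 status codes are this example's choice; it assumes an earlier auth layer such as Passport populates `req.user.id`.

```javascript
// Ownership check as Express-style middleware: the route is served only when
// the authenticated user's id equals the id named in the URL.
function requireSelf(paramName = "id") {
  return function (req, res, next) {
    // isLoggedIn should already have run; fail closed if it did not.
    if (!req.user || req.user.id === undefined || req.user.id === null) {
      return res.sendStatus(401);
    }
    // Route params are always strings, while a stored id may be a number or
    // an ObjectId-like object, so compare against its string form.
    const routeId = req.params[paramName];
    if (typeof routeId !== "string" || String(req.user.id) !== routeId) {
      return res.sendStatus(403); // authenticated, but not this user's resource
    }
    return next();
  };
}

// Constructed stand-ins for Express's req/res so the check runs offline.
function runCheck(user, params) {
  const result = { status: null, nextCalled: false };
  const res = { sendStatus(code) { result.status = code; return this; } };
  requireSelf("id")({ user, params }, res, () => { result.nextCalled = true; });
  return result;
}

// Wiring it into the route from the question:
// router.get("/users/:id/thing", middlewareObj.isLoggedIn, requireSelf("id"),
//   function (req, res) { res.render("thing.ejs"); });
```

Placing the check in middleware keeps every `/users/:id/...` route on the same rule instead of repeating the comparison inside each handler.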