Sharad kumar

Reputation: 207

How can we separate the routes of admin and user?

I am creating routes in Node.js. I am creating routes for a dashboard.

  1. The user logs in and gets the JWT token.
  2. By sending the token, the user can access some routes related to the user (edit, delete, logout route, etc.).
  3. But for admin, I want to create routes which can see the list of users, edit or remove users, and check the logout time of users. I have also set a flag in the table to identify whether the person is a user or an admin.

How do I authenticate routes for admins on the backend side?

Upvotes: 0

Views: 2231

Answers (2)

Mohammad Oftadeh

Reputation: 1449

You can be inspired by this logic; no further explanation can be given here. Follow these steps (it may help):

First) Define a role field in the DB, MongoDB or MySQL (for example):

enum: ['user', 'admin']

Second) Create a function checkRole(role) to check the role after sign-in and JWT verification, then get the user.

Third) Create a separate route for the admin panel (for example):

router.use('/admin-panel', authController.checkRole('admin'))

Upvotes: 4

cadenzah

Reputation: 978

You can put your authorization flag in your JWT. When a user logs in, your server generates the corresponding JWT, which includes authentication info (i.e. userId). You can put additional authorization info in the token (i.e. auth).

Based on the auth field, your server can identify whether the request is sent by a general user or an admin. Of course, securing the JWT from hijacking is another story.

Upvotes: 1
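
The two answers above combined, as an added example that is not part of either answer: a role claim carried in a signed JWT, an authentication middleware that verifies it (401), and a `checkRole` middleware that authorizes on the verified claim (403). It uses only Node's built-in `crypto` so it runs without Express; `SECRET`, `signToken`, `verifyToken`, `authenticate` and `simulate` are assumed names, and the secret and payloads are constructed.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issued at login; `role` is copied from the user's row in the database.
function signToken(payload) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`).toString('base64url')}`;
}

// Returns the payload only if the signature is valid, alg is HS256 and exp is in the future.
function verifyToken(token) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url'));
    return payload.exp && payload.exp > Date.now() / 1000 ? payload : null;
  } catch { return null; }
}

// Authentication: 401 when the bearer token is missing or fails verification.
function authenticate(req, res, next) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  req.user = m && verifyToken(m[1]);
  return req.user ? next() : res.status(401).json({ error: 'unauthenticated' });
}

// Authorization: 403 when the verified role is not in the allowed list.
const checkRole = (...roles) => (req, res, next) =>
  roles.includes(req.user && req.user.role) ? next() : res.status(403).json({ error: 'forbidden' });

// Runs a middleware chain on a fake request; 200 means the route handler would be reached.
function simulate(chain, authorization) {
  let status = 200, i = 0;
  const req = { headers: { authorization } };
  const res = { status: (c) => { status = c; return res; }, json: () => res };
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return status;
}
```

In Express the same functions mount as `router.use('/admin-panel', authenticate, checkRole('admin'))`. A role stored in the token stays in effect until the token expires, so keep `exp` short or re-read the role from the database for admin routes.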
