Applying Security to your NodeJS pages

After logging in I am returned to the login screen.
If I use the wrong credentials I get a warning, so it seems like it’s accepting my login.

Argon2 not a possibility for password hashing anymore?

Argon2 algorithm is only available in PHP.

2 posts were split to a new topic: Error with authentication in NodeJS

I continue to test work with nodejs projects. I decided to try to configure security for the nodejs project. But I ran into a problem.

The manual shows:

I created a new project. And this is what the page settings look like for me:

How do I access server actions as shown in the guide?

Perhaps you are running into this?

Hi Ken

Yes, I’ve already discovered that it’s because of the layout. I came across this topic, where the same situation is discussed: Problems following Node.js "Applying Security" Tutorial/Docs

In my case, as in the topic above, I did not create the layout at all, because I plan to create a classic multi-page application. Which raises the question, is it even possible to fully work with nodejs without using layouts?

The system of layouts and the approach to building applications on nodejs in its current form is basically the concept of an SPA.

What if you don’t need a SPA, but a classic multi-page application?

Using node layout and content pages doesn’t mean you should be building SPA pages…
Layouts are really useful for reusing your navbar/footer etc across your content pages.

3 Likes

Hello, when selecting “Permissions” in “Restrict Properties”: If I select more than one, does it mean that the logged user has to have both permissions? (that’s how it seems to be working now)

Is there a way to make the enforcer pass if the logged user has either of the selected permissions?

Yes, all permissions listed are required.

You’ll need to redesign your model to adhere to this behavior.

This is an old tutorial but the principle is the same: you need to use two tables, one for user details, the other for roles. That way a user can reside in more than one role simultaneously.

3 Likes
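
The redesign suggested above, sketched as an added example (not code from the thread or from Wappler): a separate roles table lets one user hold several roles, and a single combined permission gives "either role" access while the restriction still requires every listed permission. Table, role and function names are hypothetical, and the data is constructed.

```javascript
// Constructed sample data: a users table and a separate user_roles table,
// so one user can hold several roles at once (all names are hypothetical).
const users = [
  { id: 1, username: 'alice' },
  { id: 2, username: 'bob' },
  { id: 3, username: 'carol' },
];
const userRoles = [
  { user_id: 1, role: 'admin' },
  { user_id: 2, role: 'manager' },
  { user_id: 2, role: 'writer' },
  { user_id: 3, role: 'writer' },
];

// Each permission is satisfied by membership in any one of the listed roles.
// "staff" is the either-of permission: one name that covers admin OR manager.
const permissions = {
  admin: ['admin'],
  manager: ['manager'],
  staff: ['admin', 'manager'],
};

function rolesOf(userId) {
  return new Set(userRoles.filter(r => r.user_id === userId).map(r => r.role));
}

function hasPermission(userId, name) {
  const accepted = permissions[name];
  if (!accepted) return false; // unknown permission name: deny by default
  const held = rolesOf(userId);
  return accepted.some(role => held.has(role));
}

// Mirrors the behaviour stated in the thread: every permission listed on a
// restriction must pass (logical AND). In this sketch an empty list only
// requires a known, logged-in user.
function passesRestrict(userId, required) {
  if (!users.some(u => u.id === userId)) return false; // not logged in
  return required.every(name => hasPermission(userId, name));
}

// Listing both permissions locks out a user who holds only one of them...
console.log('admin+manager, alice:', passesRestrict(1, ['admin', 'manager']));
// ...while the single combined permission admits either role.
console.log('staff, alice/bob/carol:',
  [1, 2, 3].map(id => passesRestrict(id, ['staff'])));
```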

Thanks a lot!

It makes sense when explicitly stated. Wappler’s permissions field’s tooltip and documentation don’t make it clear IMO.

Thanks a lot, I’ll check this link.

Server side data is missing from the UI. Am I missing a step or is this definitely a bug? Trying to restrict pages…

Might be this bug:

I’m sure it could well be, however for me I’m not seeing it at all regardless of whether the page has a layout selected or not.

Hi Teodor,

I have followed your instructions to do the login page and page restrict in a nodejs project.

In my case I have two roles: admin and registered. Right now I’m focusing on the admin role to give secure access to the dashboard page, which is inside a folder called “admin”, so the dashboard page is index.ejs inside the admin folder. I have created a login.ejs page and placed a partial login form, which has the server connect action set to userLogin.

I have created the users successfully, but when I use them to log in it returns 404 on http://localhost:3000/admin/api/userLogin

Page redirection is also in place as you instructed, for the success case and the unauthorized case.

Could you or anyone else who succeeded please help me out… where am I going wrong?

Please see the screenshot below:

I had the same problem with admin, writer and manager, this is very easy in php, but in nodejs it is too complicated

1 Like

What would be the best solution to show the user a message that they need to log in after the redirect?

You can redirect to the login page using a URL param like ?login=1 and then use this URL parameter to show/hide a message on the page.

That’s what I thought.

Since I build my app just as in the tutorial (https://www.youtube.com/watch?v=5pSck9KIGBM) with a login-modal in the main-layout, I would have to do this on the main layout, right?

My idea was to show the modal on page load if the URL param is set. For a Wappler newbie like me, it took some time to figure out how to do this. Here is a short guide for anyone with the same problem:

  1. In the Security Restrict, set the login URL to something like /?modal=login
  2. In the main layout, configure the new params
  3. On the modal, set a dynamic attribute for “modal show” with `(query.modal == 'login')`

1 Like