Applying Security to your NodeJS pages

Docs NodeJS
1

Intro

Wappler allows you to protect Node.js pages using server-side security. Access control is enforced before the page is rendered, ensuring that unauthorized users cannot access protected content.

Security can be applied to:

  • Layout pages
  • Individual content pages

Page protection works together with Security Providers defined in Server Connect. Once a provider is configured, it can be selected directly in the page settings.

Server Side

Before protecting pages, a Security Provider must be defined in Server Connect.

In this example, the Security Provider is called security.

Security Provider Overview
Security Provider Overview1920×1080 118 KB

This provider uses Database Users for authentication and has two permission levels defined:

Security Provider Permissions
Security Provider Permissions1920×1080 135 KB

The configured permission levels will be available when applying page-level protection.

Page Setup

The next step is to apply access restrictions to your pages.

You can restrict access:

  • To specific permission levels
  • To any authenticated user
  • Or leave the page public

If security is applied to a layout page, all content pages using that layout will inherit the same protection settings.
Alternatively, you can apply restrictions directly to individual content pages. This allows different access levels to be configured per page.

In this example, protection will be applied on the layout page so that all content pages using this layout are secured.
Open your layout page:

Layout Page
Layout Page1920×1080 115 KB

Then click App in the App Structure panel to access the page-level settings:

App Structure Panel
App Structure Panel1920×1080 97.4 KB

Scroll to the Page Security section:

Page Security Settings
Page Security Settings1920×1080 98.2 KB

Change Access to Restricted to protect the page.
When applied on a layout page, all content pages using this layout will be protected as well:

Access Restricted
Access Restricted1920×1080 97.4 KB

Once restricted, the following settings become available:

  • Provider — the Security Provider to use for authentication
  • PermissionsAny or the specific permission levels defined in the provider . Any allows access to any authenticated user
  • Login URL — redirect for users who are not logged in
  • Forbidden URL — redirect for users without the required permissions

Page Security Options
Page Security Options1920×1080 95.7 KB

After configuring the security settings, save the layout page.

The selected Security Provider and access rules will now be enforced on all content pages using this layout.
Users who are not authenticated will be redirected to the login page, and users without the required permissions will be redirected to the forbidden page.

Your layout is now protected with server-side security.

5 Likes