NodeJS and global security provider

How are you handling the login?

Nothing fancy from a SC perspective, but at the same time a bit :slight_smile:

I am using a custom formatter for argon2 and I am using middleware to store sessions in a PG database.


//const session = require('express-session')(Object.assign({ secret: config.secret }, config.session));
//MOD Include session store
const session = require('express-session');
// Named pkg because `package` is a reserved word in strict mode.
const pkg = require('../package.json');
const KnexSessionStore = require('connect-session-knex')(session);
const Knex = require('knex');
// PostgreSQL connection, configured from environment variables.
const knex = Knex({
  client: 'pg',
  connection: {
    host: process.env.DATABASE_HOST,
    port: process.env.DATABASE_PORT,
    user: process.env.DATABASE_USER,
    password: process.env.DATABASE_PASS,
    database: process.env.DATABASE_NAME,
  },
});
// Sessions are persisted in the system_sessions table.
const store = new KnexSessionStore({
  knex,
  tablename: 'system_sessions'
});
//ENDMOD Include session store
//MOD Include session store
// `app` is the Express application created earlier in the same file.
app.use(
  session({
    // Placeholder as posted; the commented-out original read config.secret.
    secret: 'it is a secret ;)',
    store,
    name: pkg.name + '.sid',
    resave: true,
    saveUninitialized: false
  }),
);
//ENDMOD Include session store

I mean - if you have global restrict, it will also restrict your login action before it gets a chance to log in…

Oh I get you. Restrict is not global. Only the provider.


I wonder if global restrict might be handy but then indeed we need somehow to add exceptions for login actions.
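The global restrict with login exceptions discussed above, sketched as plain Express middleware. This is an added example, not part of the thread and not Wappler's Security Provider or Restrict implementation; the route paths, the `userId` session key and the names `PUBLIC_ROUTES`, `classify` and `globalRestrict` are assumptions.

```javascript
// Assumed route names; only these exact method+path pairs skip the session check.
const PUBLIC_ROUTES = new Set([
  'GET /login',
  'POST /api/auth/login',
  'POST /api/auth/register',
  'POST /api/auth/recover',
]);

// Classify a request. The comparison is exact and unnormalised on purpose:
// a variant such as "/api/auth/login/" or "/api/auth/login-as" is not on
// the list, so it falls through to the session check (fail closed).
function classify(req) {
  if (PUBLIC_ROUTES.has(`${req.method} ${req.path}`)) return 'public';
  // "userId" is a hypothetical key set by the login action on success.
  if (req.session && req.session.userId != null) return 'authenticated';
  return 'denied';
}

// Express-style middleware: mount with app.use(globalRestrict) after the
// session middleware and before the routes, so it runs on every request.
function globalRestrict(req, res, next) {
  if (classify(req) !== 'denied') return next();
  // API callers get a status code; page requests go to the login page.
  if (req.path.startsWith('/api/')) {
    return res.status(401).json({ error: 'login required' });
  }
  return res.redirect('/login');
}

// Constructed requests, shaped like Express req objects.
function demo() {
  const samples = [
    { method: 'POST', path: '/api/auth/login', session: {} },
    { method: 'GET', path: '/api/auth/login', session: {} },
    { method: 'POST', path: '/api/auth/login-as', session: {} },
    { method: 'GET', path: '/dashboard', session: {} },
    { method: 'GET', path: '/dashboard', session: { userId: 7 } },
  ];
  return samples.map((r) => `${r.method} ${r.path} -> ${classify(r)}`);
}

console.log(demo().join('\n'));
```

Because the list is matched exactly, a login URL variant the router would still accept ends up requiring a session rather than bypassing the check.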

AFAIK global SC actions run only if another SC is called. So if for any reason you have a page that doesn’t call any SC but still you want to restrict it you would have to call a dummy SC so that the global Restrict runs.

I just assign to layout pages a SC action and that will work “globally” on all content pages. For me it makes more sense there.

My “auth” layout that holds content for login, register, recover doesn't have a SC assigned. While my “dashboard” layout that holds content for all my protected site has a SC assigned that holds all my restricting logic.

What I miss is a way to assign several SC action files to the same layout/content page. When my layout is loaded I would like to run the authorization SC and then the meta tags SC. Right now I can’t do that. I have to mix in a single SC file the authorization and the meta tags which is not very practical.


@JonL why one SC? I run multiple SCs on my pages. Some auto load, others are set to load on click.

Those are AJAX calls. I mean Route SCs which run before content is sent to the browser.
