Get requests authorized based on permissions using node js


What I want is that every time a user, registered or not, requests or enters a URL, I know who the user is, to see if he has access and, if he has it, render the page with the personal information of said user.

I tried to solve it by creating a controller (called identifier) for each of the pages available on my website. Said controller sends the client, through res.send(), a header with a script (ini.js).

The script does then send me the user's information (session id, user id ...) using POST, to a different controller.

Now I do know who the user is, whether he has access or not, etc. ... I want to redirect (res.redirect) to the original page; the problem is that this re-executes the controller (identifier), so it becomes a cycle. (At the moment I do not render.)

I do not know if there is a simpler solution to this problem. I've searched a lot but I cannot find anything to help me.


Hello! Sorry for the delay, I was working on this and I think I have a solution, and it was with cookies. I do not know why I had the idea that LocalStorage was a replacement for cookies, but no, they have completely different functionality.

I show you the code of how I plan to solve it:


/* All pages go through a controller to see who the user is */
'get /registroUsuarios.html': 'AccesosController.accesos',


module.exports = {
    accesos: function(req, res) {
        console.log('----------------------------------');
        console.log('accesos()');
        console.log('----------------------------------');

        res.cookie('codigo', '823789123798');
        res.cookie('usuario', '12345667');

        return res.view('registroUsuarios');
    }
};

If I can run the controller for each GET request that is made to each page, that already lets me check permissions and render. I think the only tedious thing at the moment is having to add all the routes of my page in routes.js.

Let's see if this is useful to someone or if anyone has a suggestion. Greetings!

Thank you very much in advance

asked by Yuve 30.12.2015 at 01:04

2 answers


I think you are using Sails.js. If this is correct, the correct way to do it is to use policies (link). So the first thing you would have to do is a policy that validates whether your user is logged in or not; if so, it passes on to the controller, where you can do whatever you want. You can implement as many policies as you need. In my experience that is the right way to do it.

answered by 12.01.2016 at 06:35

With Node you do not need to put the user access control on every get. You can use the concept of middleware and put all the access control in a single get. Something like:

app.get('/public', function(req, res){
  // this works even when not logged in because it runs before the control
  res.end("public"); // placeholder response
});

// put the user control here

app.use('/', function(req, res, next){
  if(!req.session.loggued){
    res.status(401).send("Debe loguearse <a href='/login'>aca</a>");
  }else{
    next(); // if logged in, execution continues with the following gets
  }
});

For this to work, sessions and cookies must be enabled. For user control you could put something like this:

app.post('/login', function(req, res){
  if(req.body.usuario==='admin' && req.body.clave==='no_hacer_esto_en_produccion'){
    req.session.loggued = req.body.usuario;
    res.end("Ingreso correcto <a href='/menu'>seguir</a>");
  }else{
    res.status(401).send("Ingreso incorrecto <a href='/login'>reintentar</a>");
  }
});

app.get('/login', function(req, res){
  res.end(
    "<form method=post action='/login'>"+
    "usuario<input name=usuario><br>"+
    "clave<input name=clave><br>"+
    "<input type=submit value='entrar'></form>"
  );
});

To enable cookies and sessions (in addition to adding them in the package.json), put at the top:

var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');

and after declaring app:

app.use(bodyParser.urlencoded({ extended: false })); // fills req.body for the /login form
app.use(session({ secret: 'bazinga', resave:false, saveUninitialized:true }));

answered by 07.01.2016 at 14:48
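
The single access-control middleware that both answers point to, as an added example that is not part of the original answers: it takes the user only from the server-side session, answers 401 or 403, and otherwise passes on to the page handler. `PERMISSIONS`, `PUBLIC_PATHS`, `accessControl`, `page` and `run` are hypothetical names, and `run` is a small stand-in for Express dispatch so the block needs no installed packages.

```javascript
// Added example. Express-style (req, res, next) signatures; all names and the
// sample policy below are constructed for illustration.

// Which roles may GET each protected path.
const PERMISSIONS = {
  '/menu': ['user', 'admin'],
  '/registroUsuarios.html': ['admin'],
};
const PUBLIC_PATHS = new Set(['/public', '/login']);

// Registered once (app.use(accessControl)) instead of once per route.
// Identity comes only from the server-side session, never from a cookie value
// the browser can edit (such as a plain 'usuario' cookie).
function accessControl(req, res, next) {
  if (PUBLIC_PATHS.has(req.path)) return next();
  const user = req.session && req.session.user;
  if (!user) return res.status(401).send('Login required');
  // Deny by default: a path missing from PERMISSIONS is forbidden.
  const known = Object.prototype.hasOwnProperty.call(PERMISSIONS, req.path);
  const allowed = known ? PERMISSIONS[req.path] : [];
  if (!allowed.includes(user.role)) return res.status(403).send('Forbidden');
  res.locals.user = user; // the view renders this user's data
  return next();
}

// Final handler standing in for res.view() / res.render().
function page(req, res) {
  const u = res.locals.user;
  return res.status(200).send(u ? 'Page for ' + u.name : 'Public page');
}

// Minimal stand-in for Express dispatch: calls each middleware in order
// until one responds without calling next().
function run(chain, req) {
  const out = { code: null, body: null };
  const res = {
    locals: {},
    status(c) { out.code = c; return this; },
    send(b) { out.body = b; return this; },
  };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return out;
}
```

In a real application the session object is filled in by `express-session` after a successful login, and the same function shape can be used as a Sails policy.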