0

I have a NodeJS Express application, in which I want to implement a basic table list which may include many entries. I will need pagination, sorting and searching using a single input field. In order to just fill this table, without any other feature I am doing a database query, in MongoJS and I am rendering it like usual (by passing the parameter in the result, and using it with Handlebars templates.

In order to add the additional features, I am examining Dynatables (http://www.dynatable.com). However, one serious issue comes to mind:

Since Dynatables requires a GET request to return JSON, I must expose an API request in order to return the necessary information. However, how can I ensure that this API cannot be used by anyone who is not logged in to the application? Right now, I am determining login using Session variables.

Can anyone point me into the right direction?

csotiriou
  • 5,653
  • 5
  • 36
  • 45

1 Answers1

0

How do you check that that initial page is served to authenticated users? Are you using something like passport.is? If yes, it's as simple as adding a middleware route to the JSON endpoint.

Example:

app.get('/app/data', passport.authenticate('local'), function (req, res) {/*get JSON here*/})

Instead of passport, you can roll your own middleware function.

Zlatko
  • 18,936
  • 14
  • 70
  • 123