1

I'm currently working on my friend's (who is a photographer) portfolio website using the following technologies:

  • Node.js
  • Express
  • MongoDB and Mongoose
  • ejs

I'm a beginning developer and have been struggling for a while now with authentication. I know how to use the passport package to create an administrator user, but since I don't want to implement a user system for a portfolio website, I'm not sure how I should go about making an admin.

The admin would be my friend, and he and only he should be able to see express routes meant for replacing pictures, uploading them, and in short just making post requests to the database. I know I should probably use some form of middleware like with the Passport package, but else than that I have no idea how to go about this.

Thanks in advance!

boston
  • 95
  • 1
  • 7

1 Answers1

0

You can use HTTP Auth for this purpose, check this NPM Module

What happens is, you will define a custom username and password, and use the package as a middleware for your routes, now whenever a user visits the page, the browser will automatically show a popup asking for username and password. In this case, you will not need to implement a user system.

A similar question and answer is posted here

Tejashwi Kalp Taru
  • 2,994
  • 2
  • 20
  • 35
  • So I would create "secret" routes for making post requests, protect them with middleware and if another user accidentally stumbled on them they wouldn't be able to proceed? Thanks btw. – boston Aug 16 '18 at 11:41
  • @boston yes, the browser will automatically ask for a username and password before allowing a user to access those routes/pages – Tejashwi Kalp Taru Aug 16 '18 at 11:45