我有一个管理员用户,即使该用户当前已登录,我也希望该用户在访问特定路由之前进行身份验证,对于该特定路由,我希望出现一个密码字段,并且他输入的密码必须在他之前有效重定向到此路由,我该如何处理这种类型的中间件?我已经有一个中间件来检查用户是否已通过身份验证,我想继续检查用户是否已通过身份验证和管理员,但是我还希望用户在访问页面之前重新输入密码,我该怎么做?
function isAdmin(req, res, next) {
if (req.isAuthenticated()) {
if (req.user.role == 'admin') {
return next();
}
res.redirect('/');
}
res.redirect('/login');
}
答案 0 :(得分:0)
我认为这是我建议您实现的目标:
function isAdmin(req, res, next) {
if (req.isAuthenticated()) {
//one is authenticated
//check if they are admin
if (req.user.role == 'admin') {
//first confirm the password as you want before re-routing
const confirmPass; //This will be passed from front-end
//Lets assume you stored your pass in response as password i.e (res.user.password).
if((res.user.password)==confirmPass){
//move out of the function
return next();
}
} else
//if role is not admin -> Go to homepage
res.redirect('/');
}
//if not authenticated, go to login.
res.redirect('/login');
}
//next is here-admin
function confirmedAdmin(req,res){
//code here
}