How do you route to different server views based on user authentication in MeanJS 0.4.0?


I'm trying to route to two different server views based on whether or not the user is signed in with the local passport authentication in 0.4.0.

I've tried using:

core.server.routes.js

app.route('/*').get(core.renderIndex);

core.server.controller.js

exports.renderIndex = function(req, res) {
    if (req.user) {
        res.render('modules/core/server/views/index', {
            user: req.user || null
        });     
    } else {
        res.render('modules/core/server/views/noauth', {
            user: null
        });
    }
};

If I delete all cookies to clear the session and refresh, then it does indeed render the noauth.server.view.html file. Once I authenticate, and req.user does test true in my conditional, however, it still renders noauth.server.view.html.

Thanks in advance for your help!

There is 1 best solution below

I think you need this:

Simple route middleware to ensure the user is authenticated. Use this route middleware on any resource that needs to be protected. If the request is authenticated (typically via a persistent login session), the request will proceed. Otherwise, the user will be redirected to the login page.

function ensureAuthenticated(req, res, next) {
    res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
    if (req.isAuthenticated()) { return next(); }
    res.redirect('/login');
}

Edit: first, you don't check whether a user is authenticated or not in your route! Here's how I did it:

My login page:

app.post('/login',
    passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
    function(req, res) {
        res.redirect('/authenticated');
    });

And thus every time a user visits a page, you need to check whether they are still authenticated, or authenticated at all:

app.get('/account', ensureAuthenticated, function(req, res) {
    res.render('account', { user: req.user });
});
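
Added example, not part of the original question or answer: the answer's gate and the question's two-view controller, both keyed on Passport's req.isAuthenticated() and both sending the answer's Cache-Control header, exercised without a running server. The helpers fakeRequest, fakeResponse and dispatch and the sample user are constructed for illustration.

```javascript
// Header value copied from the answer: the response must never be cached.
var NO_STORE = 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0';

// Gate from the answer: continue only when Passport reports a login session.
function ensureAuthenticated(req, res, next) {
  res.header('Cache-Control', NO_STORE);
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login');
}

// The question's controller: one URL, two views, chosen per request and
// marked no-store so neither view is replayed after the login state changes.
function renderIndex(req, res) {
  res.header('Cache-Control', NO_STORE);
  var signedIn = req.isAuthenticated();
  var view = signedIn ? 'index' : 'noauth';
  res.render('modules/core/server/views/' + view, { user: signedIn ? req.user : null });
}

// Constructed stand-ins for the Express request/response (hypothetical helpers).
function fakeRequest(user) {
  return { user: user, isAuthenticated: function () { return Boolean(user); } };
}
function fakeResponse() {
  var out = { headers: {}, view: null, locals: null, redirectedTo: null };
  out.header = function (name, value) { out.headers[name] = value; };
  out.render = function (view, locals) { out.view = view; out.locals = locals; };
  out.redirect = function (url) { out.redirectedTo = url; };
  return out;
}

// Runs handlers in order, the way Express chains route middleware.
function dispatch(handlers, req) {
  var res = fakeResponse();
  (function step(i) {
    if (i < handlers.length) { handlers[i](req, res, function () { step(i + 1); }); }
  })(0);
  return res;
}

function account(req, res) { res.render('account', { user: req.user }); }

var alice = fakeRequest({ username: 'alice' });  // constructed sample user
console.log(dispatch([ensureAuthenticated, account], fakeRequest(null)).redirectedTo);
console.log(dispatch([ensureAuthenticated, account], alice).view);
console.log(dispatch([renderIndex], fakeRequest(null)).view);
console.log(dispatch([renderIndex], alice).view);
```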