
How can I use a condition in my Express.js server? When the user logs in, I want to change the routes and server-side render my React app. The condition `if(!isLoggin)` doesn't work: when the user logs in I set the flag to true, so this should render my index with React. Where is the problem?

 // Login flag declared once for the whole server process.
 // NOTE(review): the flag is not stored per user or per request, so once it is
 // set to true it is true for every client; it cannot stand in for a session.
 if(typeof(isLoggin)=='undefined'){
        var isLoggin = false;
    }
    // routes
    // NOTE(review): as shown, this if/else is evaluated once, when the routes are
    // registered, while isLoggin is still false. Only the first branch registers
    // its handlers; setting isLoggin = true later does not run the block again,
    // so the '/' route in the else branch is never added.

    if(!isLoggin){
        // index page for visitors who are not logged in
        app.get('/', function(req, res){
            res.render("indexNotLogin",{title:''});
        })
        // features page
        app.get('/funkcje', function(req, res){
            res.render("funkcje",{title:'Funkcje'});
        })

        // login page
        app.get('/zaloguj', function(req, res){
            res.render("zaloguj",{title:'Zaloguj się'});
        })
        // login attempt
        app.post('/trylogin', function(req, res){
            var username = req.body.name;
            var password = req.body.password;
            // NOTE(review): username and password come straight from req.body and are
            // concatenated into the SQL text, so this query is open to SQL injection;
            // pass them as query parameters (driver placeholders) instead.
            // NOTE(review): pass is compared with the submitted password as-is, which
            // suggests plaintext password storage; confirm, and store a salted hash.
            connection.query("SELECT * FROM user WHERE username='"+username+"' AND pass='"+password+"'", function(error, rows,fields){
                // query callback
                if(!!error){
                    // only logs: no response is sent on this path, so the request is left pending
                    console.log('error in query');
                }else{
                    if(rows.length){
                        res.send('user zalogowany')
                        // flips the process-wide flag; the routes registered above are not re-evaluated
                        isLoggin=true;
                    }else{
                        res.send('user nie istnieje')
                    }
                }
            })

        })
    }else{
        // reached only if isLoggin is already true when this block runs
        console.log("to jest true: "+isLoggin);
        app.get('/', function(req, res){
            res.render("index",{title:'Zaloguj sie'});
        })
    }

Edit: /zaloguj and /funkcje are my static routes.

Paweł Baca
  • 1
    Watch out for SQL injection here: ```connection.query("SELECT * FROM user WHERE username='"+username+"' AND pass='"+password+"'",``` – Risto Novik Nov 28 '17 at 12:53
  • 1
    You don't need the `isLoggin` flag, and don't add or remove routes conditionally; it adds huge complexity. Better to use sessions: https://stackoverflow.com/questions/7990890/how-to-implement-login-auth-in-node-js – Risto Novik Nov 28 '17 at 12:56
  • Should I add LIMIT 1 at the end of the query? – Paweł Baca Nov 28 '17 at 12:56

2 Answers


First, implement login with a session, not a flag.

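// Login attempt: looks the submitted credentials up in the user table and, on a
// match, records the user in the session instead of in a process-wide flag.
app.post('/trylogin', function(req, res){
  var username = req.body.name;
  var password = req.body.password;

  // Accept plain strings only. A JSON or extended url-encoded body can deliver
  // objects or arrays, which the driver would expand inside the query.
  if(typeof username !== 'string' || typeof password !== 'string'){
    res.status(400).send('invalid login request');
    return;
  }

  // The values are passed as parameters, never concatenated into the SQL text.
  // NOTE(review): assumes the driver supports `?` placeholders (as mysql/mysql2 do); confirm.
  // NOTE(review): `pass` is compared with the submitted password as-is, which
  // suggests plaintext storage; store a salted password hash and verify against it.
  connection.query("SELECT * FROM user WHERE username = ? AND pass = ?", [username, password], function(error, rows, fields){
    if(error){
      console.log('error in query');
      // Always answer, otherwise the request hangs until the client times out.
      res.status(500).send('error in query');
      return;
    }
    if(rows.length){
      // Write to the session before responding: session middleware such as
      // express-session persists the session when the response ends, so an
      // assignment made after res.send() may not be saved.
      // NOTE(review): consider issuing a fresh session id at login
      // (req.session.regenerate in express-session) to prevent session fixation.
      // put_user_id_here is the answer's placeholder for the id taken from rows[0].
      req.session.user_id = put_user_id_here
      res.send('user zalogowany')
    }else{
      res.send('user nie istnieje')
    }
  })
})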

If you want to check whether the user is logged in, in order to restrict access, it is better to implement your own Express middleware (http://expressjs.com/en/guide/using-middleware.html#middleware.router). With authentication middleware like the one below, you don't have to wrap the route definitions in a condition block.

// Authentication gate: a request continues only when its session carries a
// user_id; anything else is answered with 401.
// Mounted with app.use() and no path, it applies to every route registered
// after it, so public routes (login form, login POST, static pages) have to be
// registered before this call.
app.use(function (req, res, next) {
  if (!req.session.user_id) {
    res.status(401).send('Unauthorized');
    return;
  }
  next();
});
IzumiSy

Like this?

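/**
 * Route-level middleware that lets a request continue only when the session
 * holds a user id.
 *
 * Without a user id, a request for '/' gets the public index page; any other
 * path is refused with HTTP 401 rather than a 200 response, so clients and
 * logs can tell a refusal from a normal page.
 *
 * @param {object} req - Express request; req.session is read if present.
 * @param {object} res - Express response.
 * @param {Function} next - Called only for authenticated requests.
 */
function checkAuth(req, res, next) {
    // A missing session (session middleware not installed or not yet run)
    // is treated as "not logged in" instead of throwing.
    var userId = req.session && req.session.user_id;
    console.log('Jakies id: ' + userId);

    if (userId) {
        next();
        return;
    }

    // req.route is only set when this runs as part of a route
    // (app.get(path, checkAuth, ...)), so guard it before reading the path.
    if (req.route && req.route.path === '/') {
        res.render("indexNotLogin", {title: ''});
        return;
    }

    res.status(401).send('You are not authorized to view this page');
}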

My route after a successful login:

// Index page for logged-in users. checkAuth runs first, so this handler is
// reached only when checkAuth calls next().
function renderIndex(req, res) {
    res.render("index", {title: ''});
}
app.get('/', checkAuth, renderIndex);
Paweł Baca