I'm using NodeJS, ExpressJS, Mongoose, passportJS and connect-ensure-login. User authentication works fine.
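// ... (earlier setup omitted by the author)
var passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy
  , ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn;

var app = express();
// ...
app.use(passport.initialize());
app.use(passport.session());
// ...

// Local strategy: the login form posts `email` and `password`.
passport.use(new LocalStrategy({usernameField: 'email', passwordField: 'password'},
  function(email, password, done) {
    // Both values come straight from the request body. A body parser can
    // deliver an object instead of a string, and an object placed in the
    // filter below would be read as query operators rather than as a literal
    // value, so anything that is not a plain string is rejected up front.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return done(null, false, { message: 'Incorrect email or password.' });
    }

    // NOTE(review): the submitted password is matched verbatim against the
    // stored field, which only works if passwords are stored as plaintext.
    // Store a salted hash (for example via crypto.scrypt) and compare it with
    // crypto.timingSafeEqual instead; that needs a matching change in the
    // registration code, which is not shown here.
    User.findOne({ 'email': email, 'password': password }, {'_id': 1, 'email': 1}, function(err, user) {
      if (err) {
        return done(err);
      }
      if (!user) {
        // The lookup covers email and password together, so the message must
        // not claim that the username in particular was wrong.
        return done(null, false, { message: 'Incorrect email or password.' });
      }
      return done(null, user);
    });
  }));

// The projected document ({_id, email}) is written to the session as-is and
// handed back unchanged on every request. req.user is therefore a snapshot
// taken at login and carries no isAdmin field.
// NOTE(review): an administrator check should re-read the flag from the
// database (for example by loading the user by _id in deserializeUser) so that
// a role change takes effect without a new login.
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

app.post('/login', passport.authenticate('local', {
  successReturnToOrRedirect: '/home',
  failureRedirect: '/login'
}));

// NOTE(review): logout changes session state but is exposed on GET, so any
// cross-site link or image request can trigger it; a POST route with CSRF
// protection is the usual choice.
app.get('/logout', function(req, res) {
  req.logout();
  res.redirect('/');
});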
Now I want to restrict some routes, e.g. /admin/*, so that they are accessible only to an administrator. How can I do this?
// User model. Each field uses the explicit { type: ... } form.
var schema = new mongoose.Schema({
  name: { type: String },
  email: { type: String },
  // NOTE(review): the login query shown on this page matches this field
  // against the submitted password verbatim, so it holds whatever the
  // registration code stored. Confirm that this is a salted hash and not
  // the plaintext password.
  password: { type: String },
  // Administrator flag; new accounts are non-admin unless it is set explicitly.
  // NOTE(review): keep this field out of any create/update payload that is
  // built directly from request data, otherwise a user could set it themselves.
  isAdmin: { type: Boolean, default: false }
});

mongoose.model('User', schema);
Any hint? Thanks