Question

How to Restrict Access to Logged in Users

Posted on February 12, 2024
DigitalOcean App Platform
Asked by LovableAquamarineWalrus

Hello DigitalOcean Commmunity!

I’m very new to app development, but the tutorials in this community have given me the confidence and the inspiration to learn a lot about what the DigitalOcean App Platform is capable of. And I’m having a lot of fun!

I need a little help understanding how I can restrict access to a directory on the DigitalOcean App Platform.

So far, I built a small app using Node.js with Express for the backend, powered by the Bootstrap framework on the frontend. Both are listed as resources for my app and are functioning well.

The problem I’m having is: I want to restrict users from accessing the /app directory if they’re not logged in. In other words, if a user who isn’t logged in tries to access https://www.example.com/app (or https://www.example.com/app/index.html), I want the user to be redirected to https://www.example.com/login.html.

Here’s an example of the file structure I’m working with right now:

| api
| |-- app.js
| app
| |-- index.html
|-- index.html
|-- login.html

The /app directory will house the majority of the app, while the root directory (with its own index.html and login.html files) will serve as the landing site/splash page for first-time users.

I’ve previously used a .htaccess file to restrict access to certain directories using Apache, but since I’m not running a VPS and I don’t need to block access to the entire directory (since logged in users should be permitted access), how can I accomplish this on the App Platform?

Apologies if this question is a bit naïve. I’m new to this and am really using it as a sandbox for the time being, but I’m hopeful I can learn a bit and press on with the design of my app to build something useful.

Thank you in advance for the help!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev

Site Moderator

• February 13, 2024

Hey!

Given that you’re using Node.js with Express, you can effectively manage access control through middleware. Middleware functions in Express can help you check if a user is logged in before serving content from the /app directory. Here’s how you can do it:

Implement Session or Token-Based Authentication: First, ensure that your app has a way to manage user sessions or tokens. This is crucial for identifying whether a user is logged in. You might already have this in place with your login system.
Create Middleware to Check User Authentication: Write a middleware function that checks if the user is authenticated. If the user is not logged in, redirect them to the login page.

function ensureAuthenticated(req, res, next) {
    if (req.isAuthenticated()) { // Assuming `req.isAuthenticated()` is your method of checking if the user is logged in
        return next();
    }
    res.redirect('/login.html'); // Redirect to login page if not authenticated
}

Apply the Middleware to Your /app Directory Routes: Before serving any content from the /app directory, use the middleware to ensure the user is authenticated.

app.use('/app', ensureAuthenticated, express.static('app'));

This code snippet assumes you’re serving static files from the /app directory using express.static. The ensureAuthenticated middleware is applied to all routes starting with /app, which checks if the user is logged in before proceeding. If the user is not authenticated, they are redirected to the login page.

Adjust Your File Structure and Routing Accordingly: Make sure your file structure and routing logic in Express align with this access control strategy. The /app directory should be set up to serve the protected content, while the root directory can serve the public-facing index.html and login.html.

Good luck with your project and fee free to post new questions in case that anything else comes up!

Best,

Bobby

KFSys

Site Moderator

• February 13, 2024

Heya @lovableaquamarinewalrus,

Welcome to the exciting world of app development! It’s great to hear that you’ve been inspired by the DigitalOcean community and tutorials.

To achieve the functionality where unauthorized users are redirected to the login page when they try to access the /app directory, you can use middleware in your Express application. Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle.

Here’s a basic example of how you could implement this:

Create a Middleware Function: This function will check if the user is logged in. If not, it will redirect them to the login page.

function ensureAuthenticated(req, res, next) {
    if (req.isAuthenticated()) { // `isAuthenticated` should be a function that checks user's login status
        return next();
    }
    res.redirect('/login.html'); // Redirect to login if not authenticated
}

Apply the Middleware to Your App Directory: Use this middleware function for routes that you want to protect.

const express = require('express');
const app = express();

// Other middleware setup like body-parser, etc.

app.use('/app', ensureAuthenticated); // Protecting the /app route

// Define other routes

Implement Authentication Check (isAuthenticated): The isAuthenticated function used in the middleware should be a part of your authentication logic. This might involve checking if there’s a valid session or if the user’s credentials are stored and valid.

Session Management: Ensure that your application correctly manages user sessions. This is usually done using packages like express-session and potentially passport for handling user authentication.