Please provide an example which protects static content with express/passport #298
Description
I have difficulties to protect static content, I get alway redirected to / after successful login, when accessing a resource below "/protected"
const express = require('express');
const app = express();
const session = require('express-session');
const passport = require('passport');
const WebAppStrategy = require('ibmcloud-appid').WebAppStrategy;
// Configure session
app.use(session({
secret: 'your-secret',
resave: false,
saveUninitialized: true
}));
// Initialize passport and configure strategy
app.use(passport.initialize());
app.use(passport.session());
passport.use(new WebAppStrategy({
tenantId: "xxx",
clientId: "xxx",
secret: "xxx",
oauthServerUrl: "xxx",
redirectUri: "http://localhost:3000/appid/callback" /*"http://localhost:3000" + CALLBACK_URL*/
}));
// Store user in session
passport.serializeUser((user, done) => {
done(null, user);
});
passport.deserializeUser((user, done) => {
done(null, user);
});
// Middleware to protect static content
const protectContent = (req, res, next) => {
console.log("DEADBEAF");
if (req.isAuthenticated()) {
return next();
}
res.redirect('/appid/login');
};
// Routes
app.get('/appid/login', passport.authenticate(WebAppStrategy.STRATEGY_NAME, {forceLogin: true }));
app.get('/appid/callback', passport.authenticate(WebAppStrategy.STRATEGY_NAME));
// Serve static content
app.use('/protected', protectContent, express.static('protected'));
// Start the server
const port = 3000;
app.listen(port, () => {
console.log(`Server running on port ${port}`);
});