Skip to main content

--description--

As is, any user can just go to /profile whether they have authenticated or not by typing in the URL. You want to prevent this by checking if the user is authenticated first before rendering the profile page. This is the perfect example of when to create a middleware.

The challenge here is creating the middleware function ensureAuthenticated(req, res, next), which will check if a user is authenticated by calling Passport's isAuthenticated method on the request which checks if req.user is defined. If it is, then next() should be called. Otherwise, you can just respond to the request with a redirect to your homepage to login.

An implementation of this middleware is:

function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  res.redirect('/');
};

Create the above middleware function, then pass ensureAuthenticated as middleware to requests for the profile page before the argument to the GET request:

app
 .route('/profile')
 .get(ensureAuthenticated, (req,res) => {
    res.render('profile');
 });

Submit your page when you think you've got it right. If you're running into errors, you can check out the project completed up to this point.

--hints--

The middleware ensureAuthenticated should be implemented and attached to the /profile route.

async (getUserInput) => {
  const url = new URL("/_api/server.js", getUserInput("url"));
  const res = await fetch(url);
  const data = await res.text();
  assert.match(
    data,
    /ensureAuthenticated[^]*req.isAuthenticated/,
    'Your ensureAuthenticated middleware should be defined and utilize the req.isAuthenticated function'
  );
  assert.match(
    data,
    /profile[^]*get[^]*ensureAuthenticated/,
    'Your ensureAuthenticated middleware should be attached to the /profile route'
  );
}

An unauthenticated GET request to /profile should correctly redirect to /.

async (getUserInput) => {
  const url = new URL("/profile", getUserInput("url"));
  const res = await fetch(url);
  const data = await res.text();
  assert.match(
    data,
    /Home page/,
    'An attempt to go to the profile at this point should redirect to the homepage since we are not logged in'
  );
}