0

While working with user authentication I am facing infinite loop during redirection.

Here is the peice of code from app.js:

const hauthen = require('./handlers/hauthen');

const routes = require('./routes/index');
const authen = require('./routes/authen');
const users = require('./routes/users');

app.use(hauthen);

// routes
app.use('/', routes);
app.use('/authen', authen);
app.use('/users', users);

And this code is from the authentication page hauthen.js:

router.all("/authen", (req, res, next) => {
    if (req.authen) {
        res.redirect("/");
    } else {
        next();
    }
});

router.all("*", function(req, res, next) {
    if (req.authen !== undefined) {
        next();
    } else {
        res.redirect('/authen');
    }
});

The basic idea is to redirect to login page if the user is not already authenticated. But I am getting this in console for the root url "/".

GET / 302 16.464 ms - 58
GET /authen 302 2.930 ms - 58
GET /authen 302 1.587 ms - 58
GET /authen 302 0.854 ms - 58
GET /authen 302 1.467 ms - 58
GET /authen 302 1.878 ms - 58
GET /authen 302 0.681 ms - 58

So, what is causing the problem of infinte redirection and how to fix it? Am I doing it in wrong way?

Improve this question

3 Answers 3

Reset to default
2

To avoid the infinite loop and protect routes in your project you can create an specific Route Middleware Function in your file hauthen.js, to Check if a User is Authenticated:

// Check if user is authenticated
function isAuthenticated(req, res, next) {
    if (req.user && req.user.authenticated) {
        return next();
    }

    // If user isn't authenticated, then redirect somewhere
    res.redirect('/login');
}

Than you can use the middleware in the routes you want to protect:

router.get('/protected', isAuthenticated, function(req, res) {
    res.send('Protected route!');
});
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I am aware of this method. But this way I will need to pass isAuthenticated function to every route. Instead I want to do it for all routes at once.
For all you can do router.all('*', isAuthenticated); and remember to exclude the route /login from the isAuthenticated middleware
0

/ redirects to authen and authen redirect to / or continues to / (next) It's a loop.

Improve this answer

2 Comments

does next() continues to "/" here? How can I make it to continue to next route that is to users route. My intention was to continue to users with next().
if authen is defined then it will go back and forth from / to .authen.
0

The problem was with the two routes defined.

router.all("/authen", (req, res, next)

and

router.all("*", function(req, res, next)

The redirection is ok. But once redirected, the next() function will take it to the next route that is "router.all('*', .....". And this is where the loop is created. I changed the route as follows which fixed the problem.

router.all("*", (req, res, next) => {
    if (req.authen !== undefined) {
        if(req.url === "/authen" || req.url === "/authen/") {
            res.redirect("/");
        } else {
            next();
        }
    } else {
        if(req.url === "/authen" || req.url === "/authen/") {
            next();
        } else {
            res.redirect('/authen');    
        }
    }
});
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.