Closed GrantBaum closed 1 year ago
Here is what I'm thinking---
Fortunately, the security concerns are pretty minimal because the backend will only let users access the data they are allowed to access. For example, only users designated with the admin scope will be able to access /background/all. If a normal user logs in, the route will return a 401 error. Therefore, this is only a matter of concern for the frontend logic.
We can create a separate script (say, /src/client/js/check-auth.js) which will access the MyMICDS SDK, check if the user is logged in, and if so, check if the user has the admin authentication scope. If any of these checks fail, we can log out the user (if they are currently logged in) and redirect them to the login page.
Now, for any page we require the user to be an admin, we can add:
<script src="/Admin Pannel MASTER/src/client/js/index.js"></script>
Happy to clarify my thoughts, but this seems like a natural thing to try first 😄
Can you help me with the auth.js? Also, how does index.js do anything?
Yeah sure, and you can place it before the index.js in the HTML. We can separate the functionality so that index.js solely does the page-specific logic for whatever page you’re on, and you don’t need to worry about authentication.
I honestly have no clue how to implement this. I'm not very good at JavaScript.
Thanks, Michael, for the help with implementation!
redirect users to the login page if they try to open the HTML before logging in
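One way to write the check-auth.js gate proposed in this thread, as an added example that is not code from the thread or from the MyMICDS SDK. The session shape, the adapter functions, `window.checkAuthAdapters` and the login path are assumptions to be mapped onto the real SDK calls; the gate fails closed, and the backend's 401 stays the actual access control.

```javascript
// Added example: client-side gate for admin-only pages. This is a UX
// convenience only; the backend's 401 on /background/all is the real control.
// ASSUMPTION: the session shape { loggedIn: boolean, scopes: string[] } and the
// adapter functions are hypothetical, not the MyMICDS SDK's actual API.

const LOGIN_PAGE = '/login.html'; // hypothetical path

// Pure decision: what should the page do for this session?
function decideAccess(session, requiredScope) {
  // Fail closed on a missing session or anything other than loggedIn === true.
  if (!session || session.loggedIn !== true) {
    return { allow: false, logout: false };
  }
  // Require an array so a string scope cannot match by substring.
  const scopes = Array.isArray(session.scopes) ? session.scopes : [];
  if (!scopes.includes(requiredScope)) {
    // Logged in but lacking the scope: log out, then go to the login page.
    return { allow: false, logout: true };
  }
  return { allow: true, logout: false };
}

// Wires the decision to side effects. adapters = { getSession, logout, redirect }.
async function enforceScope(requiredScope, adapters) {
  let decision;
  try {
    decision = decideAccess(await adapters.getSession(), requiredScope);
  } catch (err) {
    // An SDK or network failure must not leave the admin page usable.
    decision = { allow: false, logout: false };
  }
  if (decision.logout) {
    try { await adapters.logout(); } catch (err) { /* redirect regardless */ }
  }
  if (!decision.allow) adapters.redirect(LOGIN_PAGE);
  return decision.allow;
}

// Browser wiring; runs only when a DOM and the (hypothetical) adapters exist.
if (typeof window !== 'undefined' && window.checkAuthAdapters) {
  enforceScope('admin', {
    ...window.checkAuthAdapters, // supplies getSession() and logout()
    redirect: (url) => window.location.replace(url),
  });
}
```

Loaded ahead of index.js, this keeps authentication out of the page-specific script, as suggested in the thread.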