Otentikasi lan wewenang minangka unsur penting kanggo njamin keamanan aplikasi web. Ing Express.js lingkungan, sampeyan bisa kanthi efektif ngleksanakake otentikasi pangguna lan akses wewenang kanggo ngamanake sumber daya. Mangkene pandhuan babagan carane ngrampungake iki:
Otentikasi pangguna
Gunakake Authentication Middleware: Gawe otentikasi middleware kanggo mriksa manawa pangguna wis mlebu.
function isAuthenticated(req, res, next) {
if(req.isAuthenticated()) {
return next();
}
res.redirect('/login');
}
app.get('/profile', isAuthenticated,(req, res) => {
// Access profile page when logged in
});
Izin Akses menyang Sumber Daya Aman
Gunakake Wewenang Middleware: Nggawe middleware kanggo mriksa ijin akses pangguna kanggo ngamanake sumber daya.
function hasPermission(req, res, next) {
if(req.user.role === 'admin') {
return next();
}
res.status(403).send('Access denied');
}
app.get('/admin', isAuthenticated, hasPermission,(req, res) => {
// Access admin page with proper permission
});
Nggunakake Pustaka Otentikasi lan Otorisasi
Gunakake Passport.js: Gunakake Passport.js perpustakaan kanggo nyederhanakake otentikasi lan wewenang.
const passport = require('passport');
app.use(passport.initialize());
app.post('/login', passport.authenticate('local', {
successRedirect: '/profile',
failureRedirect: '/login'
}));
app.get('/admin', isAuthenticated, hasPermission,(req, res) => {
// Access admin page with proper permission
});
Kesimpulan
Otentikasi lan wewenang nduweni peran wigati kanggo njaga aplikasi web saka ancaman keamanan. Kanthi nggunakake middleware, perpustakaan kaya Passport.js, lan mriksa ijin, sampeyan bisa mesthekake yen pangguna mung bisa ngakses sumber daya sing cocog lan aman.