Implemented basic authorization check

74b36786 · Rokas Stankunas · db2c99de · 74b36786 · 74b36786
Commit 74b36786 authored 7 months ago by Rokas Stankunas
--- a/public/js/index.js
+++ b/public/js/index.js
 document.addEventListener('DOMContentLoaded', async () => {
+    // Event for checking if the user is logged in
+    try {
+      const res = await fetch('/api/users/loggedin', { method: 'POST' });
+      if (!res.ok) {
+        window.location.href = 'login.html';  
+      }
+    } catch (err) {
+      console.error('Error while checking if a user is logged in:', err);
+    }
+
    const logoutBtn = document.getElementById('logout-btn'); 
  
    // Event for the logout button

--- a/routes/users.js
+++ b/routes/users.js
@@ -58,6 +58,17 @@ router.post('/login', async (req, res) => {
  }
 });

+// Checking if the user is logged in
+router.post('/loggedin', (req, res) => {
+  try {
+    if (!req.session.user) {
+      res.status(403).json({ error: 'Unauthorized' });
+    }
+  } catch (error) {
+    console.error('Authorization check failed:', error);
+    res.status(500).json({ error: 'Server error' });
+  }
+});

 // Closing user session
 router.post('/logout', (req, res) => {