Basic authenticated not working with FlowRouter.go


#1

Hello,

I’m trying to enable basic authentication for certain URLs, but unfortunately, from another route if I use FlowRouter.go then somehow it opens the corresponding URL without basic authentication…

Here’s what I do to enable basic auth;

// inside of HttpBasicAuth
  var basicAuth = WebAppInternals.NpmModules.connect.module.basicAuth;

      routes = routes || [''];

      for(var i=0; i<routes.length; i++) {
        WebApp.connectHandlers.stack.splice(i, 0, {
          route: routes[i],
          handle: basicAuth(this.callback, this.realm)
        });
      }
    }
  };

// Usage

    const auth = new HttpBasicAuth(((username, password) => (process.env.MONGOCLIENT_USERNAME === username && process.env.MONGOCLIENT_PASSWORD === password)));
    auth.protect(
      [
        '/',
        '/databaseStats'
      ]
    );

Using the latest version of both FlowRouter and Meteor


#2

That’s because meteor apps are (almost always) Single Page Apps. Because there’s no new request to the server for the next page, it never hits your route and never triggers basic auth.

You can use basic auth if you separate out the protected sections into separate apps.

Although I would recommend just using the accounts system with roles to protect routes and data