This is my first test project with Meteor and I am trying to grasp and learn all the basic concepts.
Using the “accounts-password” package and “iron:router”, I have build a simple user account system, where registered users can login and see their details / posts on their personal account page (userAccount). Logically, this personal account page should not be publicly accessible, i.e. if you provide the wrong credentials, you will be redirected back to the login page.
For that purpose, I created a router configuration, that manages access to the page template (userAccount):
Router.route('/account', { name: 'userAccount', template: 'userAccount', onBeforeAction: function(){ var currentUser = Meteor.userId(); if(currentUser){ // logged-in this.next(); } else { // not logged in this.render('login'); } } });
Is this the correct way to create individual login-areas, which are protected from public access?
If you have multiple pages within that login-area, they all have to be protected with the same routing configuration for each template?