I have a node.js, express website where I authenticate my users with a jwt token. I want to include external webapps, namely agendash into my admin interface.
Agendash is included with a express middleware like this:
const agenda = new Agenda({db: {address: config.get("DBUrl")}})
app.use('/agenda', Agendash(agenda));
My plan was to use an iframe and add an authentication Middleware function where I check if the user is an admin and then add the Authentication token to every request from the frontend. But there seems to be no way to do this.
Is there a way to get this route only available for my admin users without changing the agendash code?
You can do that by using express-basic-auth
Just add it as middleware to your agendash route
var express = require('express');
var app = express();
var basicAuth = require('express-basic-auth')
// ... your other express middleware like body-parser
var Agenda = require('agenda');
var Agendash = require('agendash');
var agenda = new Agenda({ db: { address: 'mongodb://127.0.0.1/agendaDb' } });
// or provide your own mongo client:
// var agenda = new Agenda({mongo: myMongoClient})
app.use('/dash',
basicAuth({
users: {
admin: "super-secure-password",
},
challenge: true,
}),
Agendash(agenda));
// ... your other routes
// ... start your server