Step 16
The dashboard is a "protected resource". Only a logged-in user should be able to access this page. At the moment, anyone can navigate directly to the dashboard: http://localhost:5001/dashboard.
Now that we have a "username" cookie, we can use it as an indication of whether a user is logged in or not. We can therefore protect the dashboard view:
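app.get("/dashboard", (req, res) => {
  const username = req.cookies.username;
  const message = req.cookies.message;
  if (username) {
    // A "username" cookie is present: treat the user as logged in.
    res.render("dashboard.njk", { username, message });
  } else {
    // No "username" cookie: send the user back to the homepage with a message.
    res.cookie("message", "Please login first!").redirect("/");
  }
});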
Save the index.js file. In developer tools, manually delete the "username" cookie (right-click on it and select delete).
Then refresh the dashboard view; you should be redirected to the homepage!
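The check above accepts any value the browser sends for "username", and the developer-tools step shows that the browser's owner can change cookies at will. The following added example (not part of the original tutorial) makes the same render-or-redirect decision on an HMAC-signed cookie value using only Node's built-in crypto module; SECRET, signValue, verifyValue and dashboardDecision are hypothetical names, and the secret and cookie jars are constructed.

```javascript
const crypto = require("node:crypto");

// Constructed placeholder; a real app loads this from configuration.
const SECRET = "example-secret-change-me";

function mac(value) {
  return crypto.createHmac("sha256", SECRET).update(value).digest("hex");
}

// Value to store in the cookie at login: "<value>.<mac>"
function signValue(value) {
  return `${value}.${mac(value)}`;
}

// Returns the original value if the MAC matches, otherwise null.
function verifyValue(signed) {
  if (typeof signed !== "string") return null;
  const dot = signed.lastIndexOf(".");
  if (dot <= 0) return null;
  const value = signed.slice(0, dot);
  const given = Buffer.from(signed.slice(dot + 1));
  const expected = Buffer.from(mac(value));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Same branch as the /dashboard handler, but on a verified value.
function dashboardDecision(cookies) {
  const username = verifyValue(cookies.username);
  if (username) {
    return { action: "render", view: "dashboard.njk", username };
  }
  return { action: "redirect", to: "/", message: "Please login first!" };
}

// Constructed sample cookie jars
const loggedIn = { username: signValue("alice") };
const noCookie = {};
const unsigned = { username: "alice" };
const edited = { username: loggedIn.username.replace("alice", "admin") };

for (const jar of [loggedIn, noCookie, unsigned, edited]) {
  console.log(dashboardDecision(jar).action);
}
```

In an Express app that already uses cookie-parser, the same idea is available through `cookieParser(secret)`, `res.cookie(name, value, { signed: true })` and `req.signedCookies`.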