Step 16

The dashboard is a "protected resource". Only a logged-in user should be able to access this page. At the moment, anyone can navigate directly to the dashboard: http://localhost:5001/dashboard.

Now that we have a "username" cookie, we can use it as an indication of whether a user is logged in or not. We can therefore protect the dashboard view:

app.get("/dashboard", (req, res) => {
  const username = req.cookies.username;
  const message = req.cookies.message;
  if (username) {
    res.render("dashboard.njk", { username, message });
  } else {
    res.cookie("message", "Please login first!").redirect("/");
  }
});

Save the index.js file. In developer tools, manually delete the "username" cookie (right-click on it and select delete).

Then refresh the dashboard view; you should be redirected to the homepage!
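
The check above only tests that a "username" cookie exists, and cookies are stored and editable on the client, as the delete step in developer tools shows. The following added example (not part of the tutorial's index.js) contrasts that presence check with one that only accepts a cookie value the server signed itself; SECRET, signCookie, verifyCookie and the sample cookie objects are hypothetical names and constructed values.

```javascript
const crypto = require("crypto");

// Assumption: a server-side secret; constructed value for this demo only.
const SECRET = "demo-only-secret-change-me";

// The tutorial's check: any non-empty "username" cookie counts as logged in.
function isLoggedInPlain(cookies) {
  return Boolean(cookies.username);
}

// HMAC-SHA256 over the username, hex encoded.
function mac(value) {
  return crypto.createHmac("sha256", SECRET).update(value).digest("hex");
}

// Hypothetical helper: the value the server would set at login, "<username>.<mac>".
function signCookie(username) {
  return `${username}.${mac(username)}`;
}

// Hypothetical helper: returns the username if the MAC verifies, otherwise null.
function verifyCookie(raw) {
  if (typeof raw !== "string") return null;
  const idx = raw.lastIndexOf(".");
  if (idx <= 0) return null; // no signature part, or empty username
  const username = raw.slice(0, idx);
  const given = Buffer.from(raw.slice(idx + 1));
  const expected = Buffer.from(mac(username));
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? username : null;
}

// Hardened check: the cookie must carry a valid server signature.
function isLoggedInSigned(cookies) {
  return verifyCookie(cookies.username) !== null;
}

// Constructed sample cookie objects, shaped like req.cookies.
const issued = { username: signCookie("alice") }; // set by the server at login
const edited = { username: "alice" }; // value created by hand in the browser
const swapped = { username: issued.username.replace("alice", "bob") };

console.log("plain check, edited cookie: ", isLoggedInPlain(edited));
console.log("signed check, edited cookie:", isLoggedInSigned(edited));
console.log("signed check, issued cookie:", isLoggedInSigned(issued));
console.log("signed check, swapped name: ", isLoggedInSigned(swapped));
```

If the app reads cookies through cookie-parser, the same idea is available without hand-written helpers: pass a secret to `cookieParser(secret)`, set the cookie with `{ signed: true }`, and read it from `req.signedCookies`.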