I have integrated sessionStorage and firebase authentication for user email and password in my project.
Currently, I am facing an issue in my server.js where I need to prevent access to a route if the user is not logged in, and instead redirect them to the login route. The challenge is that the firebase SDK I am using can only be used on the client side. I have been unable to find any documentation that could help me with this problem.
If more clarification is needed regarding my question, please let me know and I will provide it.
This is a snippet from my server.js file:
const express = require('express');
const admin = require('firebase-admin');
const bcrypt = require('bcrypt');
const path = require('path');
let serviceAccount = require("./1234.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount)
});
let staticPath = path.join(__dirname,"public");
const app = express();
app.use(express.static(staticPath));
app.use(express.json());
app.get('/login', (req,res) => {
res.sendFile(path.join(staticPath, "form.html"));
})
app.get('/seller', (req,res) => {
// if(!user) res.redirect('/login');
res.sendFile(path.join(staticPath, "seller.html"));
})
Update: I have tried creating a seller.js file to handle this issue, but I am unsure about its security or if there is a way to prevent it from being tampered with:
body = document.getElementsByTagName('BODY')[0];
user = JSON.parse(sessionStorage.user);
if(user && user.seller){
console.log('Allow Access')
} else{
console.log('Deny')
body.innerHTML = `
<div class="sticky" id="nav"></div>
<div style="padding:300px">
<center>You do not have permission to view this page.</center>
</div>
<div id="footer"></div>
`;
}