Express Api problem

iiio2 · March 22, 2019, 11:51am

Hello all,
I am trying to fetch posts from particular user who is logged in. the post cannot be seen by other user who is not logged in and also who is not the same user.

I used

router.get('/',(req,res)=>{
    Post.find({})
    .sort({date:-1}).exec()
    .then(posts=>res.json(posts))
    .catch(err=>res.status(400).json(err))
});

and in Post model,

const PostSchema = new Schema({
    user:{
        type:Schema.Types.ObjectId,
        ref:'users'
    },
    title:{
        type:String,
        required:true
    },
    description:{
        type:String,
        required:true
    },
    date:{
        type:Date,
        default:Date.now
    }
});

frankRose1 · March 28, 2019, 5:21pm

How exactly are you authenticating your users? Without knowing this it will be hard to help you. In any case a common way of doing this is to first authenticate the user using middleware, then populate the request object with the user _id and/or some other user information. You can use this middleware before any routes that require authentication. You can get posts that belong to the currently authenticated user by querying the “user” field with the user’s ID.

Topic		Replies	Views
If a user is restricted from a "get" route, is the user also restricted from the "post" route?	2	553	January 16, 2021
GET: /api/users/:id/logs Backend Development	5	447	January 7, 2025
Here, I develop a personal blog backend with node js and express, However, there are problems with authorization JavaScript	1	850	October 8, 2023
How to get username from userid using map function JavaScript	1	1444	December 8, 2022
Why Do I Get Entire Database When Only Requesting One Set? Backend Development	4	315	February 16, 2023

Express Api problem

Related topics