-
Notifications
You must be signed in to change notification settings - Fork 2
npp_require_auth
Jurek Muszyński edited this page Mar 31, 2022
·
6 revisions
Sets required authorization level for the path.
host indicates host with NPP_MULTI_HOST, otherwise can be NULL.
level can have one of the following values:
| macro | value | notes |
|---|---|---|
| AUTH_LEVEL_NONE | 0 | No session is required. |
| AUTH_LEVEL_ANONYMOUS | 1 | Anonymous session is required. If there's no valid as cookie, anonymous user session is started. |
| AUTH_LEVEL_LOGGEDIN | 2 | Authenticated session is required. If request does not have valid ls cookie, it's redirected to URI defined in npp_app.h NPP_LOGIN_URI. |
| AUTH_LEVEL_USER AUTH_LEVEL_CUSTOMER AUTH_LEVEL_STAFF AUTH_LEVEL_MODERATOR AUTH_LEVEL_ADMIN AUTH_LEVEL_ROOT |
10 20 30 40 50 100 |
User has to have at least matching auth_level. Otherwise request will receive 404 (security by obscurity). |
| AUTH_LEVEL_NOBODY | 125 | Provided for whitelist-based access model, when high security is required. Meant only for NPP_REQUIRED_AUTH_LEVEL. If set to AUTH_LEVEL_NOBODY, only resources explicitly set via npp_require_auth() will be accessible. |
Resources not set with npp_require_auth() get default level specified in npp_app.h NPP_REQUIRED_AUTH_LEVEL or in npp_add_host. For more information see Sessions in Node++.
Static resources always have AUTH_LEVEL_NONE.
None
// in npp_app_init()
npp_require_auth(NULL, "about", AUTH_LEVEL_NONE);
npp_require_auth(NULL, "dashboard", AUTH_LEVEL_LOGGEDIN);
npp_require_auth("foo.com", "blockIP", AUTH_LEVEL_ADMIN);
npp_require_auth("foo.com", "api/users*", AUTH_LEVEL_ADMIN);