DEV Community: Prince_Np The latest articles on DEV Community by Prince_Np (@princeniyonshuti). https://dev.to/princeniyonshuti https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F836660%2Fae2e2aee-b1fc-4ac2-abc3-2f73f2a41f39.jpeg DEV Community: Prince_Np https://dev.to/princeniyonshuti en How to protect admin dashboard using Html,Css and Js Prince_Np Fri, 25 Mar 2022 17:24:57 +0000 https://dev.to/princeniyonshuti/how-to-protect-admin-dashboard-using-htmlcss-and-js-24o5 https://dev.to/princeniyonshuti/how-to-protect-admin-dashboard-using-htmlcss-and-js-24o5 <p>In this brief tutorial, I will present how you can protect the Admin Panel and User Panel to your Html,Css and Javascript website or application consuming NodeJs Backend. You can use this knowledge to build an entire application with access roles for managing different sort of users. </p> <p>first you must have the <strong>token</strong> for authentication and additional you need to have the <strong>user data</strong> in the <strong>Local storage</strong> as show in the demo </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivn9jyqwxnwis8pargvf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivn9jyqwxnwis8pargvf.png" alt="Image description" width="800" height="347"></a></p> <p>then the <strong>role</strong> in the user payload is the one we are going to be basing on while redirecting and protecting the admin and user dashboard by implying these 2 function that will be applied or called to each page of the admin or user accordingly .</p> <h3> Function to check if you are authenticated </h3> <p>this function need to be applied to the login and register page so that the authenticated user can not be able to access them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">function</span> <span class="nf">checkAuthentication</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">admin</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">admin</span><span class="p">)</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../admin/dashboard.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">!=</span> <span class="nx">admin</span><span class="p">)</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../user/dashboard.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// do nothing</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">checkAuthentication</span><span class="p">();</span> </code></pre> </div> <p>this function will protect your login page and register page .</p> <h3> Function to protect Admin dashboard </h3> <p>this function need to be applied to all pages that you need to be accessed only by the admin but the practice is used was to group together all admin files in the admin directory and user files in the user directory so that the Un-authenticated user can not be able to access them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">checkAdmin</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">admin</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">admin</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Admin</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">!=</span> <span class="nx">admin</span><span class="p">)</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../user/dashboard.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../login.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">User</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">checkAdmin</span><span class="p">();</span> </code></pre> </div> <p>as you can see I'm basing on the user role that have been stored in the local storage so that I can redirect the user if he/she tries to tamper with the admin files.</p> <h3> Function to protect User dashboard </h3> <p>this function need to be applied to all pages that you need to be accessed only by the user so that the Un-authenticated user can not be able to access them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">checkAuthUser</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">standardUser</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">standard-user</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">standardUser</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// do nothing </span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">role</span> <span class="o">!=</span> <span class="nx">standardUser</span><span class="p">)</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../admin/dashboard.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">../login.html</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// do nothing</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>for this all your routes will be protected and safe form outside users .</p> <p>if you are interested this the link to the <a href="https://github.com/PrinceNiyonshuti/ATLP-capstone-project.git" rel="noopener noreferrer">Github repository</a> , don't forget to like and follow to support for future posts,<br> Thanks .</p> javascript html css dashboard