I’m trying to preserve the user from the 403 error.

Could happen through the cronology of the browser that a user not logged goes on a forbidden dynamic page like:
https://costieraslow.wixsite.com/ilmiosito04/Members/cc0d2bae-d5c7-4228-b1df-9944598084e5
So it needs of a router logic, but I’m getting stuck, I am not able to get the correct result

[ router.js - Backend]

import {ok, redirect} from 'wix-router';
export function Members_afterRouter(request, response) {
if (response.status === 403) // if user not logged get forbidden page
return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/");
}
or
return ok("home");

try this

import {ok, redirect} from 'wix-router';
export function Members_afterRouter(request) {
if (response.status === 403) {
  return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/");
}
else {
  return ok("home");
}

Hi Andreas, thanks, but unfortunely it doesn’t work.
I tried also this:

import {ok, redirect} from 'wix-router';
export function Members_afterRouter(request, response) {
if (response.status !== 200) {return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/");}
else {return ok("home");}   }

But I suspect that or router.js doesn’t work or it doesn’t work for me on my wix-account or that nobody knows very well how it works 'cause poor documentation.
What do you suggest ?

Up

Somebody knows how does it really work ?

Hi Mauro,

Wix router was not meant for those type of scenarios, i think that the validation is done in the browser eventually so you do not get 403 in the router, but i will have to check it deeper next week.
routers were made with SEO in mind do enable you to support all types of URLS in your site and direct them to the related page.

in the meanwhile why not using a more straight forward approach? in your confirmation email direct the user to a non-members are page, just a simple page in which you will use wix location to parse the url and get the user id, send them both the a backend function that will run you logic to either confirm and update the db accordingly on reject the request. the client code will receive the response from the backend function and will display the user with a relevant success/failure message

Shlomi

Thanks Shlomi !
«…Wix router was not meant for those type of scenarios, i…» Really ?
Oh, I suspect I really didn’t get the real way of function of routers !

In my problem of email confirmation sent to new members, this phase needs of a unique code, I thought to send to new member, in order to grant a minimum security level, an email with the link of the dynamic page composed by the path+userIDcode. So clicking this link the new member get the confirmation.

But could you lay down an example code snippet please ?

Mauro,

by reading your answer i might have not got the full context of what you are trying to do.
are you aiming for implementing your own interception point for each page to check if a user was validated by email or not?

if so, it is not possible yet. we are however working on new capabilities around this domain which should be available pretty soon. what’s coming, is the ability to customize the site user signup so you can also add your custom code and properties to the flow and prevent a user from becoming a site member in the first place, rather than having to check the validity for each user, each page forever.
please have a look here:

in the meantime what you can do is display those sections in your pages which you want only for confirmed users to those which were indeed confirmed by querying the db

Shlomi

I bag you pardon, I wasn’t able to explain myself very well.
The first thing I implemented in my site was the way you suggested to me.
But I need, when a new member sign in, to send him an email with a link in order to confirm himself by click on it.
In this way I would register his confirmation and activate a field (eg. confirmed) in the Members collection. So, in this way, I could give free access to this confirmed members only at pages I could decide.

Up

Mauro,

What you really need is a customisation over the members signup flow and finalize it only once a user is confirmed, it is currently not available. some additional capabilities will be available very soon.
please add email confirmation on sign up here - https://www.wix.com/code/home/forum/feature-requests

in the meanwhile you can try looking into:

1. Page Not Found - Velo API Reference - Wix.com
   see if the user is confirmed and try to https://www.wix.com/code/reference/wix-users.html#logout in csase he doesn’t and redirect him to a page that requests email confirmation.
   you can also “protect” sensitive user operations such as data operations - data hooks, on button clicks, backend code etc by validating the user is authorized before by checking your users collection before proceeding

2. look into router but instead of after router use before router and redirect the unauthorised users to an email confirmation page

good luck,
Shlomi

Hi Shlomi,
let’s try https://costieraslow.wixsite.com/ilmiosito04/Members/good/
it simple doesn’t work!

import {ok, redirect} from 'wix-router';
export function Members_beforeRouter(request)
{
if (request.path.length > 1 && request.path[0] === "good") 								
return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/");	// or use: ok("home");   
}

Hi Mauro,

please use the router wizard to add a page to your routers, it was not configured right.
i have fixed it for you, please have a look:

https://costieraslow.wixsite.com/ilmiosito04/myRouter/good/

however as i have mentioned before, this feature is related to SEO when you want to write logic to implement specific urls on search engine and map them to specific pages

Shlomi

Hi Shlomi thansk so much for the example of the router use.

In these days I was thinking about your solution, but I am not able to understand a passage. In order to use the Router routines, is essential convert a normal page (Cloud) in a router page ?

I ask this 'cause my Access page for the users (…/cloud ), that was in Menu, was converted by you in a router page and is not more present now in the site Menu , it’s not more clickable.

Furthermore when I am not logged and I want to access to a forbidden page:
https://costieraslow.wixsite.com/ilmiosito04/Members/3403a11e-b831-4494-80b0-350424a09a5c
I am not redirect to home page as coded in the following router.js with the hook before_router :

import {
    ok,
    redirect
} from 'wix-router';

export function Members_beforeRouter(request) {
 if (request.path.length > 1 && request.path[0] === "good") {
 // if user not logged get forbidden page
 return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/"); // or use: ok("home");   
    }
}

export function myRouter_Router(request) {
 //return ok("myRouter-page"); 
 if (request.path.length > 0 && request.path[0] === "good") {
 // if user not logged get forbidden page
 // return redirect("https://costieraslow.wixsite.com/ilmiosito04/home/"); // or use: 
 return ok("Cloud");   
    }
}

export function myRouter_SiteMap(request) {
 //Add your code for this event here: 
}

Hi Mauro, we will have a further look into it

Hi Mauro,

glad to share that we have just released this new feature:

https://www.wix.com/code/reference/wix-users-backend.html

seems this is what you were looking for,
good luck!
Shlomi

Ho Shlomi I hoped this really necessary step was arriving, thxs so much. (Y)

Hi Mauro, please check out this link (https://www.wix.com/code/home/forum/product-updates/custom-member-registration) to see if there are tips in the post that might help you with users registration and approvals, and also in any secure logical checks performed on the backend for site members. I think it might help you with some of your requirements.

Thx Omer, I believe it’s a big step. I hope we’ll see early also some wonderful examples about

Hi Shlomi et al - per your comment above re: ‘rouiters were made with SEO in mind’.

Your About Routers page:

States…
You might want to use a router to:

• Display a dynamic page using content from any data source.

• Customize your URLs to make them more meaningful and yield better SEO results.

• Authenticate users and then display content just for them.

• Return custom HTTP response codes.
  The API reference for routers can be found here .

Note the third bullet point states that you can use routers for user authentication. However the wix-users api is not available to the back end to get the current user (so how does one get it?) - could it be added to the wix-users-backend? Should we pass a key as a query on the url to allow for a data look up perhaps?

Seems that this would benefit from wix-crm-backend integration also.

Cheers
Steve

P.S. After continued research I found another post that pointed to the wix-router api which does have a user property.

user

Returns the details of the current site user who is logged in.
Syntax
Description
Returns an object with the id and role of the logged in user who made the router request.

So it seems this capability is present its a shame that the wix team hasn’t highlighted this possibility.