-
-
Notifications
You must be signed in to change notification settings - Fork 18.3k
/
Copy pathindex.js
90 lines (75 loc) · 2.34 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
'use strict'
/**
* Module dependencies.
*/
var express = require('../../lib/express');
var app = express();
// Example requests:
// curl http://localhost:3000/user/0
// curl http://localhost:3000/user/0/edit
// curl http://localhost:3000/user/1
// curl http://localhost:3000/user/1/edit (unauthorized since this is not you)
// curl -X DELETE http://localhost:3000/user/0 (unauthorized since you are not an admin)
// Dummy users
var users = [
{ id: 0, name: 'tj', email: 'tj@vision-media.ca', role: 'member' }
, { id: 1, name: 'ciaran', email: 'ciaranj@gmail.com', role: 'member' }
, { id: 2, name: 'aaron', email: 'aaron.heckmann+github@gmail.com', role: 'admin' }
];
function loadUser(req, res, next) {
// You would fetch your user from the db
var user = users[req.params.id];
if (user) {
req.user = user;
next();
} else {
next(new Error('Failed to load user ' + req.params.id));
}
}
function andRestrictToSelf(req, res, next) {
// If our authenticated user is the user we are viewing
// then everything is fine :)
if (req.authenticatedUser.id === req.user.id) {
next();
} else {
// You may want to implement specific exceptions
// such as UnauthorizedError or similar so that you
// can handle these can be special-cased in an error handler
// (view ./examples/pages for this)
next(new Error('Unauthorized'));
}
}
function andRestrictTo(role) {
return function(req, res, next) {
if (req.authenticatedUser.role === role) {
next();
} else {
next(new Error('Unauthorized'));
}
}
}
// Middleware for faux authentication
// you would of course implement something real,
// but this illustrates how an authenticated user
// may interact with middleware
app.use(function(req, res, next){
req.authenticatedUser = users[0];
next();
});
app.get('/', function(req, res){
res.redirect('/user/0');
});
app.get('/user/:id', loadUser, function(req, res){
res.send('Viewing user ' + req.user.name);
});
app.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){
res.send('Editing user ' + req.user.name);
});
app.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
res.send('Deleted user ' + req.user.name);
});
/* istanbul ignore next */
if (!module.parent) {
app.listen(3000);
console.log('Express started on port 3000');
}