Role-based access middleware for express.
It's just check for req.user.role fit one of the expected roles
-
Just save user role at req.user.role
-
Add access([roles]) middleware with list of expected roles for protected routes
const access = Require('mio-roles');
...
app.route('/hello').all(access('helloRole')).get(YourRouteLogic...);
app.route('/hello2').all(access(['helloRole2', 'admin'])).get(YourRouteLogic...);