auth.onlyGroups

Samuel S. Donovan edited this page Feb 2, 2022 · 1 revision

auth.onlyGroups allows developers to whitelist users of certain groups for a set of pages.

If a visitor who is not logged in attempts to access a restricted page, they will be met with a 401 - Unauthorized response.

If a logged-in user attempts to access a page they do not have access to, they will be met with a 403 - Forbidden response.

Unauthorized requests never reach the defined endpoint: the check runs before the route handler and ends the request itself.

Method

auth.onlyGroups() - Only logged-in users in at least one group
auth.onlyGroups("a", "b", "c"...) - Only users in the groups provided
auth.onlyGroups(["a", "b", "c"...]) - Only users in groups in the provided array

Response codes

200 - Authorized
401 - Unauthorized (not logged in)
403 - Forbidden (logged in, not in a whitelisted group)

Example

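// Guard every request under /users: only members of "manager" get through.
app.use("/users", auth.onlyGroups("manager"));

// Runs only for requests that passed the guard above.
app.get("/users", (req, res) => {
    res.send(auth.users.all());
});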
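The decision logic described on this page, as an added sketch that is not the library's own code: it mirrors the three call forms and the 200/401/403 outcomes, and shows that a rejected request never reaches the endpoint. It assumes an earlier session layer sets a hypothetical req.user = { name, groups } for logged-in users; simulate() and the sample users are constructed for the illustration.

```javascript
// Added illustration, not the library's source. Assumption: an earlier
// session layer sets req.user = { name, groups: [...] } for logged-in users.
function onlyGroups(...groups) {
    const allowed = groups.flat();   // accepts ("a", "b") or (["a", "b"])
    return (req, res, next) => {
        // Not logged in: 401, and next() is never called.
        if (!req.user) return res.status(401).send("Unauthorized");
        const mine = req.user.groups || [];
        const ok = allowed.length === 0
            ? mine.length > 0                        // onlyGroups(): any group at all
            : mine.some((g) => allowed.includes(g)); // at least one listed group
        // Logged in but not in an allowed group: 403, endpoint still not reached.
        if (!ok) return res.status(403).send("Forbidden");
        next();                                      // only authorized requests continue
    };
}

// Minimal stand-in for the Express chain: guard first, then the endpoint.
function simulate(guard, user) {
    const result = { status: 200, body: null, reachedEndpoint: false };
    const res = {
        status(code) { result.status = code; return this; },
        send(body) { result.body = body; return this; },
    };
    const req = { user };
    const endpoint = () => { result.reachedEndpoint = true; res.send("user list"); };
    guard(req, res, endpoint);
    return result;
}

// Constructed sample users.
const anonymous = undefined;
const clerk = { name: "clerk", groups: ["staff"] };
const boss = { name: "boss", groups: ["staff", "manager"] };
const loner = { name: "loner", groups: [] };

const managersOnly = onlyGroups("manager");
for (const [label, user] of [["anonymous", anonymous], ["clerk", clerk], ["boss", boss]]) {
    const r = simulate(managersOnly, user);
    console.log(label, r.status, "endpoint reached:", r.reachedEndpoint);
}
```

The same simulate() pattern works as a regression test for a real guard: assert both the status code and that the handler was not invoked, since a guard that sets 403 but still calls the next handler leaks the response body.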