-
Notifications
You must be signed in to change notification settings - Fork 0
auth.onlyUsers
Samuel S. Donovan edited this page Feb 2, 2022
·
2 revisions
auth.onlyUsers allows developers to whitelist certain userIDs for a set of pages.
If a non-user attempts to access a restricted page, they will be met with a 401 - Unauthorized response.
If a user attempts to access a page they do not have access to, they will be met with a 403 - Forbidden response.
It is important to note that unauthorized requests will not reach the defined endpoint.
auth.onlyUsers() |
Only logged in users |
auth.onlyUsers("a", "b", "c"...) |
Only users provided |
auth.onlyUsers(["a", "b", "c"...]) |
Only users in the provided array |
200 |
Authorized |
401 |
Unauthorized (not logged in) |
403 |
Forbidden (logged in, not on whitelist) |
app.use("/admin", auth.onlyUsers("admin"));
app.get("/groups", (req, res) => {
res.send(auth.groups.all());
});