Skip to content

auth.onlyUsers

Samuel S. Donovan edited this page Feb 2, 2022 · 2 revisions

auth.onlyUsers allows developers to whitelist certain userIDs for a set of pages.

If a non-user attempts to access a restricted page, they will be met with a 401 - Unauthorized response.

If a user attempts to access a page they do not have access to, they will be met with a 403 - Forbidden response.

It is important to note that unauthorized requests will not reach the defined endpoint.

Method

auth.onlyUsers() Only logged in users
auth.onlyUsers("a", "b", "c"...) Only users provided
auth.onlyUsers(["a", "b", "c"...]) Only users in the provided array

Response codes

200 Authorized
401 Unauthorized (not logged in)
403 Forbidden (logged in, not on whitelist)

Example


app.use("/admin", auth.onlyUsers("admin"));

app.get("/groups", (req, res) => {
    res.send(auth.groups.all());
});

Clone this wiki locally