How to use the middleware to check the authorization before entering each route in express? How to use the middleware to check the authorization before entering each route in express? express express

How to use the middleware to check the authorization before entering each route in express?


node.js express middleware

As long as 

app.use(authChecker);

is before 

app.use(app.router);

it will get called for every request. However, you will get the "too many redirects" because it is being called for ALL ROUTES, including /auth. So in order to get around this, I would suggest modifying the function to something like:

function authChecker(req, res, next) {    if (req.session.auth || req.path==='/auth') {        next();    } else {       res.redirect("/auth");    }}

This way you won't redirect for the auth url as well.

node.js express middleware

There are may ways to approach this problem but here is what works for me.

I like to create an array of middleware for protected and unprotected routes and then use when necessary.

var protected   = [authChecker, fetchUserObject, ...]var unprotected = [...]app.get("/", unprotected, function(req, res){  // display landing page})app.get("/dashboard", protected, function(req, res){  // display private page (if they get this far)})app.get("/auth", unprotected, function(req, res){  // display login form})app.put("/auth", unprotected, function(req, res){  // if authentication successful redirect to dashboard  // otherwise display login form again with validation errors})

This makes it easy to extend functionality for each middleware scopes by editing the array for each type of route. It also makes the function of each route more clear because it tells us the type of route it is.

Hope this helps.

node.js express middleware

But when I used an individually middleware to check the authorization, it's useless for the already existing routes

Express will run middleware in the order added to the stack. The router is one of these middleware functions. As long as you get your authChecker into the stack BEFORE the router, it will be used by all routes and things will work.

Most likely you have the router before authChecker because you have routes defined prior to getting your authChecker into the stack. Make sure to put all your app.use calls before any calls to app.get, app.post, etc to avoid express's infuriating implicit injection of the router into the middleware stack.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last