1.0.4 • Published 10 years ago
fi-seed-component-auth v1.0.4
fi-seed-component-auth
Fi Seed's route authorization component
Usage
Use on fi-seed
var auth = component('auth');
Use on Express app
var auth = require('fi-seed-component-auth');
Initialization
Call it with your Express app instance, which it attaches the routes to, and a configuration object. It's important to initialize the session before you configure Auth:
var auth = require('fi-seed-component-auth');
var session = require('express-session');
var express = require('express');

var app = express();

app.use(session({
  /* Session config */
}));

/* config is the configuration object described under Configuration */
auth(app, config);

/* And now your routes */
Configuration
The configuration object must have an authorizer function and a routes array. The debug parameter is optional but recommended.
IMPORTANT: All routes are allowed by default!
debug:
- This option can be a Function to log with or a Boolean. If true it'll use console.log.

authorizer:
- This is required and must be a Function. This function is run on each request and should return the value that will be evaluated against the allows parameter value inside each route definition. The authorizer result will be attached to req.session.authorized so it must return a value to compare against each route's allows parameter.

routes:
- An Array with the routes to authorize:
  - method: A String or an Array of HTTP request methods to filter. If no method is specified it defaults to 'ALL'.
  - route: A String or an Array of strings to filter.
  - allows: A String or an Array of authorization values to filter.
{
  debug: 'app:auth',

  authorizer: function (req) {
    if (req.session.user) {
      return req.session.user.admin && 'admin' || 'user';
    }

    return false;
  },

  routes: [{
    method: 'GET',
    route: '/api/users',
    allows: 'admin'
  }, {
    method: ['POST', 'PUT', 'DELETE'],
    route: ['/api/users', '/api/stuff'],
    allows: 'admin'
  }, {
    method: ['POST', 'PUT', 'DELETE'],
    route: '/api/content',
    allows: ['user', 'admin']
  }]
}
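
Because every route is allowed unless a rule lists it, it helps to compare the rules against the routes the app actually serves. The following is an added example, not part of fi-seed-component-auth: the helper uncoveredRoutes and the route inventory are hypothetical, and it assumes paths are compared as exact strings (the component's own matching may differ).

```javascript
// Normalize a String-or-Array config value to an array.
function toArray(value) {
  return Array.isArray(value) ? value : [value];
}

// Expand the routes config into a Set of "METHOD path" keys.
// A rule without a method defaults to 'ALL', as the configuration section states.
function coveredKeys(config) {
  const keys = new Set();
  for (const rule of config.routes) {
    for (const method of toArray(rule.method || 'ALL')) {
      for (const route of toArray(rule.route)) {
        keys.add(method.toUpperCase() + ' ' + route);
      }
    }
  }
  return keys;
}

// Return the inventory entries that no rule covers, i.e. allowed by default.
// Assumption: exact string comparison of paths, no pattern matching.
function uncoveredRoutes(config, inventory) {
  const keys = coveredKeys(config);
  return inventory
    .map(({ method, path }) => ({ method: method.toUpperCase(), path }))
    .filter(({ method, path }) =>
      !keys.has(method + ' ' + path) && !keys.has('ALL ' + path))
    .map(({ method, path }) => method + ' ' + path);
}

// Rules copied from the configuration example above.
const sampleConfig = {
  routes: [
    { method: 'GET', route: '/api/users', allows: 'admin' },
    { method: ['POST', 'PUT', 'DELETE'], route: ['/api/users', '/api/stuff'], allows: 'admin' },
    { method: ['POST', 'PUT', 'DELETE'], route: '/api/content', allows: ['user', 'admin'] }
  ]
};

// Constructed inventory of routes a hypothetical app serves.
const sampleInventory = [
  { method: 'GET', path: '/api/users' },
  { method: 'POST', path: '/api/users' },
  { method: 'GET', path: '/api/stuff' },
  { method: 'DELETE', path: '/api/stuff' },
  { method: 'GET', path: '/api/content' },
  { method: 'POST', path: '/api/content' },
  { method: 'GET', path: '/api/admin/logs' }
];

console.log(uncoveredRoutes(sampleConfig, sampleInventory));
```

Each entry it reports is reachable without the authorizer result being checked, so it needs either a rule of its own or a deliberate decision that it is public.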