Node.js + Express.js User Permission Security Model

后端未结

关注

 4  1775

一生所求 2020-12-12 08:50

We have an application that has two types of users. Depending on how the user logs in, we want them to have access to different parts of the application.

How do we i

4条回答

孤街浪徒 (楼主)

2020-12-12 09:27

Having it per-route usually works for me. This is what I typically do:

function requireRole (role) {
    return function (req, res, next) {
        if (req.session.user && req.session.user.role === role) {
            next();
        } else {
            res.send(403);
        }
    }
}

app.get("/foo", foo.index);
app.get("/foo/:id", requireRole("user"), foo.show);
app.post("/foo", requireRole("admin"), foo.create);

// All bars are protected
app.all("/foo/bar", requireRole("admin"));

// All paths starting with "/foo/bar/" are protected
app.all("/foo/bar/*", requireRole("user"));

0 讨论(0)

查看其它4个回答