- requireLogin: check if the user is logged in
- requireRole: check if the user is admin
- checkIdExistence: check if an ObjectId exists in a MongoDB collection
- checkOwnership: check if a document was created by the currently logged-in user
- globalErrorHandler: Express global error handler
- routeNotFound: simple prewritten function to handle the route-not-found error
In order to make this middleware work:
- you need to pass in the User model created from express.Model as an argument
- define process.env.JWT_SECRET
- apply cookie-parser to the express app
```js
const { requireLogin } = require('express-common-middlewares');

router.use('/require-login', requireLogin(User), (req, res, next) => {
  res.status(200).json({ status: 'success', message: 'pass the test' });
});
```
requireRole simply checks whether req.user.role matches a specific role.
```js
// in this example, it checks if the user has the role of admin
const { requireLogin, requireRole } = require('express-common-middlewares');

router.use(
  '/require-role',
  requireLogin(User),
  requireRole('admin'),
  (req, res, next) => {
    res.status(200).json({ status: 'success', message: 'pass the test' });
  },
);
```
It can also check if the user has one of multiple roles.
```js
// in this example, it checks if the user has the role of admin, writer or support
router.use(
  '/require-role',
  requireLogin(User),
  // it will pass if the user has one of these 3 roles
  requireRole('admin', 'writer', 'support'),
  (req, res, next) => {
    res.status(200).json({ status: 'success', message: 'pass the test' });
  },
);
```
Check that all the object ids inside req.body.friends exist. req.body.friends can be a single ObjectId or an array of ObjectIds.
```js
router.use(
  '/check-id-existence',
  checkIdExistence(User, 'friends'), // check if all ids in friends exist in db
  (req, res, next) => {
    res.status(200).json({ status: 'success', message: 'pass the test' });
  },
);
```
It will throw an error if req.body.friends contains a user id that does not exist.
You can check any field against any MongoDB collection you want, not just the req.body.friends field against the user collection.
This middleware accepts a mongoose model as an argument.
It checks whether the document with id = req.params.id was created by the currently logged-in user.
```js
// in this example, it checks if the user has ownership of a product
router.use(
  '/:id',
  requireLogin(User),
  requireOwnership(Product), // check if the user has ownership of the product with id = req.params.id
  (req, res, next) => {
    res.status(200).json({ status: 'success', message: 'pass the test' });
  },
);
```
Behaviour:
- returns success if the user has ownership of that document
- returns success if the user is admin
- returns an error if the user does not have ownership
- returns an error if the document with the id from params does not exist
- returns an error if the document does not contain a createdBy field
Important note:
- the document that you check ownership for needs to have a createdBy field containing the creator's user id
- you need to use the requireLogin middleware before using requireOwnership, because requireOwnership needs to use req.user
- the route you apply the requireOwnership middleware to must have req.params.id
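The behaviour list and notes above can be expressed as one small decision function. This is an added sketch, not the package's own source: `decideOwnership`, `ownershipGuard`, the status codes and the messages are assumptions, as is running the document checks before the admin check.

```javascript
// Added sketch: NOT the source of express-common-middlewares.
// Status codes and messages are assumptions; the page does not state them.

// Pure decision function covering the documented outcomes.
function decideOwnership(user, doc) {
  // requireLogin must have run first, otherwise there is no req.user.
  if (!user) return { allow: false, status: 401, reason: 'not logged in' };
  if (!doc) return { allow: false, status: 404, reason: 'document not found' };
  // Fail closed: a document without createdBy is never treated as owned.
  if (doc.createdBy == null) {
    return { allow: false, status: 500, reason: 'document has no createdBy field' };
  }
  if (user.role === 'admin') return { allow: true };
  // Compare as strings: ObjectId instances are objects, so === would compare
  // references and reject the real owner.
  if (String(doc.createdBy) === String(user._id)) return { allow: true };
  return { allow: false, status: 403, reason: 'not the owner' };
}

// Express-style middleware factory. Model is anything with an async
// findById(id), which is the shape a mongoose model has.
function ownershipGuard(Model) {
  return async (req, res, next) => {
    try {
      const doc = await Model.findById(req.params.id);
      const verdict = decideOwnership(req.user, doc);
      if (verdict.allow) return next();
      return res
        .status(verdict.status)
        .json({ status: 'fail', message: verdict.reason });
    } catch (err) {
      // e.g. a malformed id: hand over to the global error handler
      return next(err);
    }
  };
}
```

Keeping the decision separate from the database lookup lets each outcome be unit-tested without a running MongoDB.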
This middleware only handles JWT verification failures.
Otherwise, it just returns a generic message: Something went wrong!
```js
const app = express();
// register after all routes so errors passed to next(err) reach it
app.use(globalErrorHandler);
```
This is everything this middleware does!
```js
res.status(404).json({
  status: 'fail',
  message: 'This route is not defined',
});
```
```js
const app = express();
// register after all other routes, otherwise every request gets a 404
app.use(routeNotFound);
```