user10090131

Excluding routes from authentication express site

I'm creating an app using node and express, and have a passport authorization middleware implemented for all routes. I am following a highly modular approach to build my app. I try to exclude specific APIs from authentication when I include them above the authorization middleware. But when I include app.use('/', require('./api/search/index')); above the authorization middleware, the APIs beneath stop working. Criticism and suggestions are all welcome for this approach, as is advice on what I can do to resolve this problem. I don't want to include route middleware in each route like this:

route.get('/example', auth.middleware(), function (req, res) {
})

Below is my app approach, with a single authorization middleware for all routes:

var express = require('express');
var bodyParser = require('body-parser');
var app = express();
var auth = require("./auth.js")();

app.use(auth.initialize());

//Excluding the search API from Authentication,
app.use('/', require('./api/search/index'));

//Middleware for all APIs and require Auth headers for authorization access
app.use(auth.authenticate(), function (req, res, next) {
    if (req.headers.authorization && req.user) {
        var parted = req.headers.authorization.split(' ');
        if (parted.length === 2) {
            console.log(req.user);
            next();
        } else {
            return res.status(403).send({
                success: false,
                msg: 'Unauthorized.'
            });
        }
    } else {
        return res.status(503).send({
            success: false,
            msg: 'Bad Request'
        });
    }
});

//Join routers
app.use('/', require('./api/users/index'));
app.use('/', require('./api/product/index'))
app.use('/', require('./api/company/index'))

Upvotes: 1

Views: 4215

Answers (2)

TimCodes

Reputation: 365

You can block your routes together using express.Router. For instance, you could have a route called "/api/secure" and then create a router for that route and group all secure routes there, and then have another for unsecured routes.

Express Router Docs

Upvotes: 0

yBrodsky

Reputation: 5041

There are a million ways you can do this. What you can do is this:

app.use('/', require('./api/search/index'));
app.use('/', auth.authenticate(), require('./api/users/index'));
app.use('/', auth.authenticate(), require('./api/product/index'))
app.use('/', auth.authenticate(), require('./api/company/index'))

This way, the auth.authenticate() middleware will be applied to every child route you are requiring, and you leave the index without anything. This gives you more granular control of where you apply the auth middleware, without having to apply it to every single route. You can take this to another level and group several routes inside a /admin/ and apply the middleware only once. Your imagination is the limit.

Upvotes: 1
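
A default-deny variant of the single-middleware approach from the question, as an added example that is not part of the original posts: authentication runs for every request unless the method and path are on an explicit public allowlist, so a router added later is protected without relying on mount order. The names PUBLIC_ROUTES, isPublic, unlessPublic, fakeAuthenticate and simulate are hypothetical, '/search' is an assumed URL for the search API, and the request and response objects are constructed stand-ins so the block runs without Express installed.

```javascript
// Added example: default-deny wrapper around an authentication middleware.
// PUBLIC_ROUTES and unlessPublic are hypothetical names; '/search' is an
// assumed URL for the search API (the page only shows its file path).
const PUBLIC_ROUTES = [
  { method: 'GET', prefix: '/search' },
];

// True only when the path equals the prefix or continues at a '/' boundary,
// so '/search/books' is public but '/searchadmin' is not.
function isPublic(method, path, routes = PUBLIC_ROUTES) {
  return routes.some((r) =>
    r.method === method &&
    (path === r.prefix || path.startsWith(r.prefix + '/')));
}

// Returns Express-style middleware: skip `authenticate` for allowlisted
// routes, run it for everything else (including routes added later).
function unlessPublic(authenticate, routes = PUBLIC_ROUTES) {
  return function (req, res, next) {
    if (isPublic(req.method, req.path, routes)) return next();
    return authenticate(req, res, next);
  };
}

// Constructed stand-in for auth.authenticate(): rejects requests that carry
// no Authorization header with 401, otherwise continues.
function fakeAuthenticate(req, res, next) {
  if (!req.headers.authorization) {
    res.statusCode = 401;
    return res.end('Unauthorized');
  }
  next();
}

// Drive the middleware with constructed request objects and report outcome.
function simulate(method, path, headers = {}) {
  const result = { passed: false, status: null };
  const req = { method, path, headers };
  const res = {
    statusCode: 200,
    end() { result.status = this.statusCode; },
  };
  unlessPublic(fakeAuthenticate)(req, res, () => { result.passed = true; });
  return result;
}
```

In the question's app this would be mounted once, before all routers, as app.use(unlessPublic(auth.authenticate())). If the allowlist and the router disagree about a path, the request is authenticated rather than let through.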
