Express.js: how to bypass Everyauth for certain routes?

Question

I'm writing an application based on Express.js, while using Everyauth for authentication.

To initialize everyauth, I use:

app.use(everyauth.middleware());

I'd like to bypass authentication for certain routes. Specifically, I noticed findUserById is called for every request, and I'd like to skip it for certain routes (e.g. no authentication for /getImage).

Is that possible?

Answer 1

As of 0.4.5, everyauth.middleware must be called with Express's app object. You can therefore create a wrapped middleware this way:

var my_auth_middleware = function(app) {
  var auth = everyauth.middleware(app);
  // a custom middleware wrapping everyauth
  var middleware = function(req, res, next) {
    if (shouldAuthRequest(req)) {
      // go through the everyauth middleware
      auth(req, res, next);
    } else {
      // bypass everyauth
      next();
    }
  };
  // these allow the middleware to be "mounted" by Express
  middleware.set = true;
  middleware.handle = middleware;
  middleware.emit = auth.emit;
  // return our custom middleware
  return middleware;
};

and then add your wrapped middleware to the stack with

app.use(my_auth_middleware(app));

Answer 2

You could wrap the everyauth.middleware() callback manually.

var auth = everyauth.middleware();
app.use(function(req, res, next) {
  if (shouldAuthRequest(req)) {
    // call auth, as if it was part of the route
    auth(req, res, next);
  } else {
    // ignore auth
    next();
  }
});

This is nothing but a wrapped middleware.