91 lines
2.3 KiB
JavaScript
91 lines
2.3 KiB
JavaScript
'use strict'
|
|
|
|
/**
|
|
* Module dependencies.
|
|
*/
|
|
|
|
var express = require('../../lib/express');
|
|
|
|
var app = express();
|
|
|
|
// Example requests:
|
|
// curl http://localhost:3000/user/0
|
|
// curl http://localhost:3000/user/0/edit
|
|
// curl http://localhost:3000/user/1
|
|
// curl http://localhost:3000/user/1/edit (unauthorized since this is not you)
|
|
// curl -X DELETE http://localhost:3000/user/0 (unauthorized since you are not an admin)
|
|
|
|
// Dummy users
|
|
var users = [
|
|
{ id: 0, name: 'tj', email: 'tj@vision-media.ca', role: 'member' }
|
|
, { id: 1, name: 'ciaran', email: 'ciaranj@gmail.com', role: 'member' }
|
|
, { id: 2, name: 'aaron', email: 'aaron.heckmann+github@gmail.com', role: 'admin' }
|
|
];
|
|
|
|
function loadUser(req, res, next) {
|
|
// You would fetch your user from the db
|
|
var user = users[req.params.id];
|
|
if (user) {
|
|
req.user = user;
|
|
next();
|
|
} else {
|
|
next(new Error('Failed to load user ' + req.params.id));
|
|
}
|
|
}
|
|
|
|
function andRestrictToSelf(req, res, next) {
|
|
// If our authenticated user is the user we are viewing
|
|
// then everything is fine :)
|
|
if (req.authenticatedUser.id === req.user.id) {
|
|
next();
|
|
} else {
|
|
// You may want to implement specific exceptions
|
|
// such as UnauthorizedError or similar so that you
|
|
// can handle these can be special-cased in an error handler
|
|
// (view ./examples/pages for this)
|
|
next(new Error('Unauthorized'));
|
|
}
|
|
}
|
|
|
|
function andRestrictTo(role) {
|
|
return function(req, res, next) {
|
|
if (req.authenticatedUser.role === role) {
|
|
next();
|
|
} else {
|
|
next(new Error('Unauthorized'));
|
|
}
|
|
}
|
|
}
|
|
|
|
// Middleware for faux authentication
|
|
// you would of course implement something real,
|
|
// but this illustrates how an authenticated user
|
|
// may interact with middleware
|
|
|
|
app.use(function(req, res, next){
|
|
req.authenticatedUser = users[0];
|
|
next();
|
|
});
|
|
|
|
app.get('/', function(req, res){
|
|
res.redirect('/user/0');
|
|
});
|
|
|
|
app.get('/user/:id', loadUser, function(req, res){
|
|
res.send('Viewing user ' + req.user.name);
|
|
});
|
|
|
|
app.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){
|
|
res.send('Editing user ' + req.user.name);
|
|
});
|
|
|
|
app.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
|
|
res.send('Deleted user ' + req.user.name);
|
|
});
|
|
|
|
/* istanbul ignore next */
|
|
if (!module.parent) {
|
|
app.listen(3000);
|
|
console.log('Express started on port 3000');
|
|
}
|