5

Passport.js offers great authentication for node.js and Express including a middleware solution:

ensureAuthenticated = function(req, res, next) {
 if (req.isAuthenticated()) {
 return next();
 }
 return res.redirect("/login");
};

How can I use this middleware in the express-resource module? Unfortunately,

app.resource('users', ensureAuthenticated, require('./resources/users'));

doesn't work.

aynber
23.3k9 gold badges57 silver badges69 bronze badges
asked Feb 9, 2012 at 15:28

6 Answers 6

14

I know this is a little too late, and the original post was answered, however, I was looking for the same answer and found a solution I thought others might want to know.

Just make sure ensureAuthenticated is called from passport.

 app.resource('users', passport.ensureAuthenticated, require('./resources/users'));

It is found here: https://gist.github.com/1941301

answered Jun 26, 2012 at 18:40
Sign up to request clarification or add additional context in comments.

2 Comments

AFAIK, express-resources does not support this kind of middleware relay. The third argument for app.resource is for options.
This won't work. the gist referred to above is using app.get as an example, and not express-resource.
5

Workaround. Ensure authentication on all requests and ignore requests going to /auth and /auth/callback.

app.all('*', function(req, res, next) {
 if (/^\/auth/g.test(req.url)) {
 return next();
 } else if (req.isAuthenticated()) {
 return next();
 } else {
 return next(new Error(401));
 }
});
answered Feb 28, 2012 at 10:05

1 Comment

Hopefully no one is copying this into their app. Using the above code, just append ?auth to any request and you'd have access. At least change the regex to /^\/auth/
2

You will need to do some magic in order to have each resource use the authentication middleware. The following gist explains how to accomplish this by using a menu structure.

https://gist.github.com/3610934

Essentially, you need the following logic:

app.all('/' + item.name + '*', ensureAuthenticated, function (req, res, next) {
 next();
});

You could then in your menu structure specify what resources are protected, and if they require any kind of specific permissions, even down to the HTTP method level.

Hopefully this helps someone!

answered Sep 3, 2012 at 17:17

Comments

0

I'm not sure if express-resource has the option of inserting middleware into specific resources, but you could always insert checking if you are in that resource inside the middleware.

ensureAuthenticated = function(req, res, next) {
 if (!/^users/.test(req.url) || req.isAuthenticated()) {
 return next();
 }
 return res.redirect("/login");
};
answered Feb 9, 2012 at 22:08

1 Comment

The problem is to call ensureAuthenticated from a resource, not to see in which resource I am. I put an app.all-handler in, that works well. Thanks
0

This works:

app.get('/', ensureAuthenticated, admin.index);

As long as your strategy is setup correctly. I'm using the local strategy. Check out the guide:

http://passportjs.org/guide/username-password.html

answered Feb 28, 2012 at 2:00

Comments

0

I was looking up this topic as well, and found https://npmjs.org/package/express-resource-middleware. Haven't tested it, though.

answered Jan 7, 2013 at 1:35

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.