Express rights management

  node.js, question

I have not found an easy-to-use rights management package. How should I write rights management that uses a token for authentication? How can it be written better?

My approach is this:

Add a general rule before all routing rules to filter incoming requests, assuming an authenticate() function.

In the authenticate() function, select the timestamp and token fields. First check the legitimacy of the timestamp; for example, it cannot differ from the current time by more than 5 minutes. Then, according to your token rule, generate a token for verification and compare it with the token in the URL; if they are consistent, the verification is passed.

In case of any illegal situation, immediately return res.status(400).send({ok: -1, errMsg: "<ERROR MESSAGE>"}), and finally call next() to release legitimate requests.
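
The middleware described above, as an added example that is not part of the original answer. It assumes the "token rule" is an HMAC-SHA256 of the timestamp under a shared secret; `SECRET`, `makeToken` and `runOnce` are hypothetical names, and `runOnce` is a stand-in for Express's request/response objects so the check runs offline.

```javascript
const crypto = require('crypto');

// Assumption: the token rule is HMAC-SHA256 over the timestamp with a shared secret.
const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const MAX_SKEW_MS = 5 * 60 * 1000;        // the 5-minute window from the answer

function makeToken(timestamp, secret = SECRET) {
  return crypto.createHmac('sha256', secret).update(String(timestamp)).digest('hex');
}

// Express-style middleware (req, res, next); register it before all routes
// with app.use(authenticate).
function authenticate(req, res, next) {
  const { timestamp, token } = req.query || {};
  // Repeated query parameters arrive as arrays, so require plain strings.
  if (typeof timestamp !== 'string' || typeof token !== 'string') {
    return res.status(400).send({ ok: -1, errMsg: 'missing timestamp or token' });
  }
  const ts = Number(timestamp);
  if (!Number.isFinite(ts) || Math.abs(Date.now() - ts) > MAX_SKEW_MS) {
    return res.status(400).send({ ok: -1, errMsg: 'timestamp outside 5-minute window' });
  }
  const expected = Buffer.from(makeToken(timestamp));
  const supplied = Buffer.from(token);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== supplied.length || !crypto.timingSafeEqual(expected, supplied)) {
    return res.status(400).send({ ok: -1, errMsg: 'invalid token' });
  }
  return next();
}

// Minimal stand-in for Express's res object, used to exercise the middleware.
function runOnce(query) {
  const out = { status: 200, body: null, passed: false };
  const res = {
    status(code) { out.status = code; return this; },
    send(body) { out.body = body; return this; },
  };
  authenticate({ query }, res, () => { out.passed = true; });
  return out;
}
```

With a token derived only from the timestamp, the same timestamp/token pair is accepted repeatedly inside the 5-minute window. Including the request method and path in the HMAC input narrows what a captured pair can be reused for.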