The Problem of Users’ Access to Pages on nodejs

  node.js, question

Question: I need to judge whether the current user has the right to access the current url. However, when receiving the access, I cannot judge whether it is the page request or the interface access, so I cannot distinguish it.

My thoughts are as follows:

app.use(function (req, res, next) {
 // 1. get url
 // 2. Judge whether there is access qualification according to url and current user configuration
 })

If there are good methods and suggestions, hope to provide help.

I am also groping for practice in this area.

Based on my experience, the answers are as follows:

  1. The design should set the same type of api under a base_path as much as possible, so that a middleware authentication can be mounted on that base_path.

  2. Based on rbac, I tried to get path and user.role from the middleware of your idea. Then through a given map query.accessible = PermitRoleMap[req.user.role][req.url.path]

  3. Under the above conditions, PermitRoleMap is a two-dimensional bool array. It can also be upgraded to allow storage of function.

  4. Finally, there are usually a few path’s with special permissions to process middleware or processing steps.

Besides, I’m watching it now.
https://github.com/bryandragon/mongoose-rbac
https://github.com/OptimalBits/node_acl