5

Passport.js offers great authentication for node.js and Express including a middleware solution:

ensureAuthenticated = function(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  return res.redirect("/login");
};

How can I use this middleware in the express-resource module? Unfortunately,

app.resource('users', ensureAuthenticated, require('./resources/users'));

doesn't work.

aynber
  • 22,380
  • 8
  • 50
  • 63
Patrick
  • 7,903
  • 11
  • 52
  • 87

6 Answers6

14

I know this is a little too late, and the original post was answered, however, I was looking for the same answer and found a solution I thought others might want to know.

Just make sure ensureAuthenticated is called from passport.

    app.resource('users', passport.ensureAuthenticated, require('./resources/users'));

It is found here: https://gist.github.com/1941301

Lan
  • 158
  • 1
  • 7
  • AFAIK, `express-resources` does not support this kind of middleware relay. The third argument for `app.resource` is for options. – Greg Wang Jul 24 '13 at 12:24
  • 1
    This won't work. the gist referred to above is using app.get as an example, and not express-resource. – Jon Madison Nov 19 '13 at 04:12
5

Workaround. Ensure authentication on all requests and ignore requests going to /auth and /auth/callback.

app.all('*', function(req, res, next) {
  if (/^\/auth/g.test(req.url)) {
    return next();
  } else if (req.isAuthenticated()) {
    return next();
  } else {
    return next(new Error(401));
  }
});
Patrick
  • 7,903
  • 11
  • 52
  • 87
  • 3
    Hopefully no one is copying this into their app. Using the above code, just append `?auth` to any request and you'd have access. At least change the regex to `/^\/auth/` – Cory Mawhorter Feb 19 '13 at 06:06
2

You will need to do some magic in order to have each resource use the authentication middleware. The following gist explains how to accomplish this by using a menu structure.

https://gist.github.com/3610934

Essentially, you need the following logic:

app.all('/' + item.name + '*', ensureAuthenticated, function (req, res, next) {
  next();
});

You could then in your menu structure specify what resources are protected, and if they require any kind of specific permissions, even down to the HTTP method level.

Hopefully this helps someone!

tbjers
  • 564
  • 3
  • 13
0

I was looking up this topic as well, and found https://npmjs.org/package/express-resource-middleware. Haven't tested it, though.

az_
  • 1,493
  • 1
  • 16
  • 24
0

I'm not sure if express-resource has the option of inserting middleware into specific resources, but you could always insert checking if you are in that resource inside the middleware.

ensureAuthenticated = function(req, res, next) {
  if (!/^users/.test(req.url) || req.isAuthenticated()) {
    return next();
  }
  return res.redirect("/login");
};
fent
  • 17,861
  • 15
  • 87
  • 91
  • The problem is to call ensureAuthenticated from a resource, not to see in which resource I am. I put an app.all-handler in, that works well. Thanks – Patrick Feb 10 '12 at 09:26
0

This works:

app.get('/', ensureAuthenticated, admin.index);

As long as your strategy is setup correctly. I'm using the local strategy. Check out the guide:

http://passportjs.org/guide/username-password.html

jabbermonkey
  • 1,680
  • 4
  • 19
  • 37