express-profile-validator
v1.0.0
Published
A simple middleware to validate user profile permissions.
Downloads
4
Maintainers
Readme
express-profile-validator
Table of contents
What is express-profile-validator⬆
express-profile-validator is a middleware
for validating permissions on a resource of an express application.
Designed to be easy and quick to apply, as well as providing scalability during the development stage.
Installation
Install module using
npm install express-profile-validator
Previous considerations⬆
To use this middleware is neccesary consider two things:
If your express app use JWT like authentication method is necessary what JWT be sended like request
Authorization
header withBearer
type.Regardless of which authentication method your express application is using, you must ensure that in your JWT or Session there is an object that respects the
Profile
interface.
Important: Name this property/claim like loggedProfile
.
interface Profile {
id: number
name: string
}
Methods⬆
executeWithSession⬆
This method can be called when your express app is using Session
, verify if Request
session logged profile is included in authorized profiles
set.
import express from "express";
const router = express.Router();
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithSession(authorizedProfiles), myAwesomeController.myAwesomeFunction);
executeWithJWT⬆
This method can be called when your express app is using JWT
, verify if Token claim
logged profile is included in authorized profiles
set.
import express from "express";
const router = express.Router();
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithJWT(authorizedProfiles), myAwesomeController.myAwesomeFunction);
Usage
This middleware is designed to be used at the route level as we saw in methods:
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithSession(authorizedProfiles), myAwesomeController.myAwesomeFunction);
or at the router level:
router.use(ProfileAuthorization.executeWithSession(authorizedProfiles));
router.get('/my-awesome-endpoint', myAwesomeController.myAwesomeFunction);
router.post('/my-awesome-post-endpoint', myAwesomeController.myAwesomeCreateFunction);
In this last example both endpoints will be affected by the middleware, and all those added in the future.
Contributions
Contributions are welcome! Please feel free to submit a pull request.