Express middleware for simple access with multiple roles, "simple and beautiful"
    npm install --save roles-easy
To use this middleware you need an authentication system such as JWT, and you must save the decoded token in req.decode (on public routes this is not necessary). If you want to know how to implement JWT in Express.js, this tutorial can be useful: Tutorial JWT
Once you have configured your JWT authentication system, you must define your roles inside an Array of Objects.
Every object represents a role and has the following shape: { rol: 'rolName', routes: { } }
rol ( String ) Role name
routes ( Object ) 'key' is the route, 'value' is a string of the valid actions
    var roles = [
      {
        rol: 'admin',
        routes: {
          '/dashboard': 'get post put delete',
          '/users': 'get',
          '/blog': 'post'
        }
      }
    ]
More roles
In the following example we have 2 roles, 'admin' and 'member',
each with its own routes and the actions that are allowed on each one.
Note that in admin we list the methods explicitly ( GET POST PUT DELETE ), but we can also do it faster by typing
.read or .write
Note the leading dot, which is required.
- .read Can only make GET requests
- .write Can only make POST PUT DELETE requests
    var roles = [
      {
        rol: 'admin',
        routes: {
          '/dashboard': 'GET POST PUT DELETE',
          '/users': 'GET',
          '/blog': 'POST'
        }
      },
      {
        rol: 'member',
        routes: {
          '/galery': '.read',
          '/profile': '.read .write'
        }
      }
    ]
We can also define public routes that do not need any authentication. To do this we define a role named 'public',
and its routes must be an array instead of an object
as for the other roles. This allows you to define routes faster.
    // * * * Note that the public routes are an Array and the member routes are an Object
    var roles = [
      {
        rol: 'public',
        routes: [ /* public route paths */ ]
      },
      {
        rol: 'member',
        routes: {
          '/galery': '.read',
          '/profile': '.read .write'
        }
      }
    ]
Finishing the configuration
    var rolesEasy = require('./roles-easy')

    // We define the roles, routes and the valid actions
    var roles = [
      {
        rol: 'public',
        routes: [ /* public route paths */ ]
      },
      {
        rol: 'member',
        routes: {
          '/galery': '.read',
          '/profile': '.read .write'
        }
      }
    ]

    // Using Express
    var express = require('express')
    var app = express()
    var checkToken = require('./auth.checkToken')

    // The middleware is created when you pass the roles
    var checkRoles = rolesEasy(roles)

    // This would be a public route
    app.get('/', function (req, res) {
      res.send('Hello World!');
    })

    // * * * This would be a protected route
    // Before using the middleware in your API you should check
    // the token and, if it is valid, save the decoded token in req.decode
    // This is done by the checkToken middleware
    app.get('/dashboard/:id', checkToken, checkRoles, (req, res) => {
      res.json({
        message: 'Awesome'
      })
    })
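
To make the rules above concrete, the following sketch evaluates a configuration in this shape with default deny. It is an added example, not the roles-easy source; the role field req.decode.rol, sub-path matching on segment boundaries, and the names isAllowed and checkRolesSketch are assumptions.

```javascript
// Added example, not roles-easy source. Assumptions: the role name is in
// req.decode.rol, and a configured route also covers its sub-paths.
const SHORTHAND = { '.read': ['GET'], '.write': ['POST', 'PUT', 'DELETE'] };

// Expand an action string such as 'get post' or '.read .write' into a Set of HTTP methods.
function expandActions(actions) {
  const methods = new Set();
  for (const token of actions.trim().split(/\s+/)) {
    for (const m of SHORTHAND[token] || [token.toUpperCase()]) methods.add(m);
  }
  return methods;
}

// True when path is the route itself or lies below it on a segment boundary,
// so '/users' covers '/users/7' but not '/users-export'.
function covers(route, path) {
  const base = route.replace(/\/+$/, '');
  if (base === '') return path === '/'; // a '/' entry must not cover the whole site
  return path === base || path.startsWith(base + '/');
}

// Default deny: access needs a matching public route or an explicit method grant.
function isAllowed(roles, roleName, method, path) {
  const pub = roles.find((r) => r.rol === 'public');
  if (pub && Array.isArray(pub.routes) && pub.routes.some((route) => covers(route, path))) return true;
  const role = roles.find((r) => r.rol === roleName && r.rol !== 'public');
  if (!role) return false;
  return Object.entries(role.routes).some(
    ([route, actions]) => covers(route, path) && expandActions(actions).has(method.toUpperCase())
  );
}

// Middleware sketch: 401 when no role was decoded, 403 when the role lacks the grant.
function checkRolesSketch(roles) {
  return function (req, res, next) {
    const roleName = req.decode && req.decode.rol;
    if (isAllowed(roles, roleName, req.method, req.path)) return next();
    res.status(roleName ? 403 : 401).json({ message: 'Access denied' });
  };
}

// Constructed sample configuration in the shape the README describes.
const sampleRoles = [
  { rol: 'public', routes: ['/'] },
  { rol: 'admin', routes: { '/dashboard': 'get post put delete', '/users': 'GET' } },
  { rol: 'member', routes: { '/galery': '.read', '/profile': '.read .write' } }
];
```

When a middleware like this is mounted under a router prefix, Express strips the prefix from req.path, so the configured routes must be written relative to the mount point.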