Prevent APIs using PassportJS

Question

I have end-points like below:

app.post(api + '/channels/:channel_id/albums', user.ensureAuthenticated, album.create);
app.get(api + '/channels/:channel_id/albums/published', user.ensureAuthenticated,album.publishedAlbums);
app.get(api + '/channels/:channel_id/albums', user.ensureAuthenticated, album.findAll);

It all works fine, but it's annoying for me to put user.ensureAuthenticated in each of the end-points, are there any method that you can once put the user.ensureAuthentication at once for all?

For ex: Laravel has such options like beforeAuth you make an if and inside that u put all the end-points that you want to make protected.

like for ex:

if(user.ensureAuthenticated){
  // endpoints declariations
}else{
  // redirect to login
}

Thanx

score 1 · Accepted Answer · edited May 23 '17 at 10:24

1

You will find an answer here : Only allow passportjs authenticated users to visit protected page

Especially this kind of code :

//checks to be sure users are authenticated
app.all("*", function(req, res, next){
if (!req.user) 
    res.send(403);
else
    next();
});

All endpoints will be secured.

edited May 23 '17 at 10:24

Community

1
1

answered Mar 30 '15 at 12:35

Spawnrider

1,727
1
19
32

After this code without the user.ensureAuthenticated parameter. – Spawnrider Mar 30 '15 at 13:14
What if my routes are not in one single file? – Lulzim Mar 30 '15 at 15:11
No problem, just put the app.all route before all your code. – Spawnrider Mar 30 '15 at 15:26
That's the problem actually :), bc I dont want those other routes to be protected as some of them should be public. – Lulzim Mar 30 '15 at 16:49
May you use a whitelist system on a subset of routes using a function like in this sample : http://stackoverflow.com/questions/11650489/express-js-sessions-activated-on-a-subset-of-routes – Spawnrider Mar 30 '15 at 17:18

Prevent APIs using PassportJS

1 Answers1