发表新帖
发表新帖

Node.js + Express.js User Permission Security Model

后端 未结
关注
4 1745
一生所求
一生所求 2020-12-12 08:50

We have an application that has two types of users. Depending on how the user logs in, we want them to have access to different parts of the application.

How do we i

相关标签:
4条回答
  • 醉酒成梦
    2020-12-12 09:10

    You can use ability-js with everyauth, which is quite similar to CanCan for Rails https://github.com/scottkf/ability-js

    0 讨论(0)
  • 灰色年华
    2020-12-12 09:13

    Take a look at this list for NodeJS ACL/Permission systems. IMHO OptimalBits node_acl looks best.

    0 讨论(0)
  • 青春惊慌失措
    2020-12-12 09:24

    There is now Node module permission for this. It's very easy to use, very similar to accepted answer, but still some features are added.

    0 讨论(0)
  • 孤街浪徒
    2020-12-12 09:27

    Having it per-route usually works for me. This is what I typically do:

    function requireRole (role) {
    return function (req, res, next) {
        if (req.session.user && req.session.user.role === role) {
            next();
        } else {
            res.send(403);
        }
    }
}

app.get("/foo", foo.index);
app.get("/foo/:id", requireRole("user"), foo.show);
app.post("/foo", requireRole("admin"), foo.create);

// All bars are protected
app.all("/foo/bar", requireRole("admin"));

// All paths starting with "/foo/bar/" are protected
app.all("/foo/bar/*", requireRole("user"));
    0 讨论(0)
 看不清?
提交回复
热议问题