What is express-profile-validator⬆
express-profile-validator is a middleware
for validating permissions on a resource of an express application.
Designed to be easy and quick to apply, as well as providing scalability during the development stage.
Install module using
npm install express-profile-validator
Previous considerations⬆
To use this middleware is neccesary consider two things:
-
If your express app use JWT like authentication method is necessary what JWT be sended like request
Authorization
header withBearer
type. -
Regardless of which authentication method your express application is using, you must ensure that in your JWT or Session there is an object that respects the
Profile
interface.
Important: Name this property/claim like loggedProfile
.
interface Profile {
id: number
name: string
}
Methods⬆
executeWithSession⬆
This method can be called when your express app is using Session
, verify if Request
session logged profile is included in authorized profiles
set.
import express from "express";
const router = express.Router();
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithSession(authorizedProfiles), myAwesomeController.myAwesomeFunction);
executeWithJWT⬆
This method can be called when your express app is using JWT
, verify if Token claim
logged profile is included in authorized profiles
set.
import express from "express";
const router = express.Router();
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithJWT(authorizedProfiles), myAwesomeController.myAwesomeFunction);
This middleware is designed to be used at the route level as we saw in methods:
router.get('/my-awesome-endpoint', ProfileAuthorization.executeWithSession(authorizedProfiles), myAwesomeController.myAwesomeFunction);
or at the router level:
router.use(ProfileAuthorization.executeWithSession(authorizedProfiles));
router.get('/my-awesome-endpoint', myAwesomeController.myAwesomeFunction);
router.post('/my-awesome-post-endpoint', myAwesomeController.myAwesomeCreateFunction);
In this last example both endpoints will be affected by the middleware, and all those added in the future.
Contributions are welcome! Please feel free to submit a pull request.