Showing posts from January, 2014

Readable NodeJS authorization

Today I'm going to post a nifty piece of code for NodeJS authorization. Wow... It's been a while since I wrote something here. Let's get dirty, first of all there are 2 reasonable assumptions: You are using Express (or just Connect). You are using Passport (for authentication). Passport is used to get a current user and his role from Request object. For those who don't know: "authentication" is about finding out who the person is, classic example is email + password. Authorization is about what this person is allowed to do. In this example for clarity I'm going to use Coffeescript, but it can be easily translated into JS (by using for example ). What I wanted to do is to use rules in middleware style that works well with NodeJS async model. The goal for authorization is to look something like that: This is the cleanest API I could come up with. Custom function can do 3 things: Allow action by returning next(true) For