Home > Back-end >  importing the request in expressjs
importing the request in expressjs

Time:01-21

I'm creating a helper method in my code which I can use for authorizing users,

I am creating a function called "usePermissions" following the react way but on the back-end.

The usePermissions() will return true or false based on some x, y and z.

But this method depends on the request object,

so in order to make it work, I'll everywhere have to call usePermissions(req), ex:

import usePermissions from 'hooks/usePermissions'

usersRouter.delete('/users/:userId', async (req, res, next)=>{
  const { verify } = usePermissions(req)
  if(verify('deleteUsers')) await UserModel.delete(req.params.userId)
  // ...
})

Is there a way to package this "usePermissions" helper method with the request object?

I want it to automatically have the request object, I don't want to keep passing it as a variable,

how to make it have the request object without having to pass it as an argument to it, is it possible?

ex:

import usePermissions from 'hooks/usePermissions'

usersRouter.delete('/users/:userId', async (req, res, next)=>{
  const { verify } = usePermissions() // <-- see, I want to not pass the req object
  if(verify('deleteUsers')) await UserModel.delete(req.params.userId)
  // ...
})

CodePudding user response:

You can create a middleware that will call usePermissions and append result to the Request object, so it will become available in all your handlers without explicitly calling it.

Your middleware code might look something like (read more about using middlewares in Express app)

export function getUsePermissions = (req, res, next) => {
  const { verify } = usePermissions(req);
  req['verify'] = verify

  // moving to the next middleware in chain, now Request object has a verify property
  return next()
}

and in your express app, add getUsePermissions middleware

express.use(getUsePermissions);

now you can use extract usePermissions from request object in your handlers:

usersRouter.delete('/users/:userId', async (req, res, next)=>{
  const { verify } = req['verify'];
  if(verify('deleteUsers')) await UserModel.delete(req.params.userId)
  // ...
})

CodePudding user response:

Yes, you can use it as middleware and you will get a response, request and next object by default.

import usePermissions from 'hooks/usePermissions'

usersRouter.delete('/users/:userId', usePermissions , async (req, res, next)=>{
  if(verify('deleteUsers')) await UserModel.delete(req.params.userId)
  // ...
})

usePermissions Function will be like this:

const usePermissions = (request, response, next) => {

      const isPermitted = 'you logic';
      if (isPermitted) {
          next(); // this will automatically call the next middleware 
                  // in your case it will call the next callback in the userRouter
      } else {
         response.send('You don't have permission'); // just added a sample text for brevity
      }
      
}

You can read more about middlewares here.

  • Related