What is the best way to secure with MEAN.js

I work with mean.js and I have little doubt about authentication and authorization here ...

MEAN.js comes with a realistic version of package.js that seems to work well enough for me to know when a user is logged in. But at the time of authorization, a question arises in my mind. As I complete my research, I get answers to some questions, and I don’t know what is the best way to implement security API calls in my application.

So far I am making this decision:

Using the express.all() function to install all my authorization functions in a single file (I think this is the right practice?). Creating a file with the following code example:

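'use strict';
var passport = require('passport');

// Returns true when the user holds at least one of the roles allowed for the URL.
function hasRole(urlRoles, userRoles) {
    return Array.isArray(userRoles) && userRoles.some(function(role) {
        return urlRoles.indexOf(role) !== -1;
    });
}

module.exports = function(app) {

    // Any authenticated user may reach /private/p/*.
    app.route('/private/p/*').all(function(req, res, next){
        if(!req.isAuthenticated()){
            res.sendStatus(401);
        }else{
            next();
        }
    });

    // Only users holding one of urlRoles may reach /private/byRoles/*.
    app.route('/private/byRoles/*').all(function(req, res, next){
        if(!req.isAuthenticated()){
            res.sendStatus(401);
        }else{
            var urlRoles = ['admin', 'godlike'];
            // ROLE LOGICS THAT ARE GOING TO BE ADDED TO MY USER
            // GETTING MY USER ID BY THE DE-SERIALIZE PASSPORT FUNCTION AND GETTING MY
            // MONGO MODEL FOR MY USER, WITH THE INFO OF ROLES IN THERE AND DOING
            // SOME LOGICS HERE ABOUT THE ROLES AND URL PATTERN.
            // Passport's deserializeUser result is available as req.user.
            var user = req.user;
            if (hasRole(urlRoles, user.roles)){
                next();
            }else{
                res.sendStatus(401);
            }
        }
    });
};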

, , , ... mean.js? ? , .. ( , ).. Oauth api??? , MEAN.js, ? . -... , .

+4
1

JWT angular. cookie Cookies vs Tokens. Angular.JS.

, , JWT, frontend, , . , . . JWT Express-JWT

. JWT jwt.io

+2

Source: https://habr.com/ru/post/1546920/

