I am new to Express 4 and I wonder how to implement this: I use JWT to authenticate the consumers of my API. To do this I have a pretty simple middleware that checks whether the JWT token is valid:
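/**
 * Express middleware: authenticate the request with a JWT.
 *
 * The token is read from the body, the query string or the `x-access-token`
 * header (in that order). On success `req.user` is set to the token's `user`
 * claim and `next()` is called; on failure the response is answered here and
 * `next` is never invoked.
 *
 * @param {object} req   Express request; `req.app.get('superSecret')` must hold the HMAC secret
 * @param {object} res   Express response
 * @param {function} next  continuation, called only for an authenticated request
 */
var requireValidToken = function(req, res, next) {
  // Guard each source so a request with no mounted body parser (req.body
  // undefined) does not throw a TypeError instead of being rejected.
  // NOTE(review): tokens in the query string end up in access logs, proxies and
  // browser history; prefer the header for anything sensitive.
  var token = (req.body && req.body.token) ||
    (req.query && req.query.token) ||
    (req.headers && req.headers['x-access-token']);

  if (!token) {
    // Kept as 403 for backward compatibility; 401 is the usual status for a
    // missing credential.
    return res.status(403).send({
      success: false,
      message: 'No token provided.'
    });
  }

  var decoded;
  try {
    // NOTE(review): consider passing { algorithms: [...] } matching the
    // algorithm used when signing, so a later change of the secret to a
    // public key cannot be abused via algorithm confusion.
    decoded = jwt.verify(token, req.app.get('superSecret'));
  } catch (err) {
    // Previously answered with HTTP 200 and success:false; a failed signature
    // or expiry check is an authentication failure and must carry 401 so
    // clients and proxies treat it as one.
    return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
  }

  // A verified token without a user claim cannot authorize anything; reject it
  // rather than leaving req.user undefined for downstream middleware.
  if (!decoded || !decoded.user) {
    return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
  }

  req.user = decoded.user;
  next();
};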
This works very well, but now I want to expand this to test the user role:
// Example usage: the role middleware runs before the handler, so the handler
// only ever sees requests whose caller passed the role check.
router.get('/anAdminRoute', requireRole('ROLE_ADMIN'), function adminRoute(req, res, next) {
  // handler body omitted in the question
});
So, I added middleware for this:
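/**
 * Build an Express middleware that lets the request through only if the
 * authenticated user holds `role` or the admin role (`roles.admin`).
 *
 * Relies on requireValidToken having run earlier in the chain and set
 * `req.user`; see the guard below for what happens when it has not.
 *
 * @param {string} role  role name the route requires (e.g. 'ROLE_ADMIN')
 * @returns {function(req, res, next)} Express middleware
 */
var requireRole = function(role) {
  return function(req, res, next) {
    var user = req.user;

    // No authenticated user: deny explicitly instead of throwing a TypeError
    // on req.user.role (which Express would turn into a 500).
    if (!user) {
      return res.status(401).send({
        success: false,
        message: 'Not authenticated.'
      });
    }

    // Require a role on the user before comparing: with `==` (or `===`) an
    // undefined user role would match an undefined `role` argument and grant
    // access to a requireRole() call made without an argument.
    var granted = !!user.role &&
      (user.role === roles.admin || user.role === role);

    if (!granted) {
      // Was `res.status(403)({...})`, which calls the response object as a
      // function and throws; the body has to go through .send().
      return res.status(403).send({
        success: false,
        message: "Token valid, but you don't have the right permission to access this resource :)"
      });
    }

    next();
  };
};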
But since this requireRole() function obviously requires a valid JWT token as well, I am wondering how I can call my requireValidToken middleware from inside it, so that I don't need to specify it explicitly on every route I want to protect.
You can call requireValidToken from inside the function that requireRole returns, passing your role check as its `next` callback; requireValidToken then answers the request itself on failure and only runs your check once `req.user` is set. The general pattern is:
// Skeleton for composing two middlewares: the outer factory takes a parameter
// and returns an Express middleware that delegates to middleware1, supplying a
// callback in place of `next`. In this sketch the callback is empty — it is
// the hook where the parameter-specific check belongs; nothing here forwards
// to the real `next`, so the request would hang until that callback is filled in.
var middleware2 = function(param) {
  return function(req, res, next) {
    var afterFirst = function() {
      // parameter-specific logic goes here
    };
    middleware1(req, res, afterFirst);
  };
};
Putting it together, the complete middleware module looks like this:
var jwt = require('jsonwebtoken'),
roles = require('../models/user').roles;
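/**
 * Express middleware: authenticate the request with a JWT.
 *
 * The token is read from the body, the query string or the `x-access-token`
 * header (in that order). On success `req.user` is set to the token's `user`
 * claim and `next()` is called; on failure the response is answered here and
 * `next` is never invoked.
 *
 * @param {object} req   Express request; `req.app.get('superSecret')` must hold the HMAC secret
 * @param {object} res   Express response
 * @param {function} next  continuation, called only for an authenticated request
 */
var requireValidToken = function(req, res, next) {
  // Guard each source so a request with no mounted body parser (req.body
  // undefined) does not throw a TypeError instead of being rejected.
  // NOTE(review): tokens in the query string end up in access logs, proxies and
  // browser history; prefer the header for anything sensitive.
  var token = (req.body && req.body.token) ||
    (req.query && req.query.token) ||
    (req.headers && req.headers['x-access-token']);

  if (!token) {
    // Kept as 403 for backward compatibility; 401 is the usual status for a
    // missing credential.
    return res.status(403).send({
      success: false,
      message: 'No token provided.'
    });
  }

  var decoded;
  try {
    // NOTE(review): consider passing { algorithms: [...] } matching the
    // algorithm used when signing, so a later change of the secret to a
    // public key cannot be abused via algorithm confusion.
    decoded = jwt.verify(token, req.app.get('superSecret'));
  } catch (err) {
    // Previously answered with HTTP 200 and success:false; a failed signature
    // or expiry check is an authentication failure and must carry 401 so
    // clients and proxies treat it as one.
    return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
  }

  // A verified token without a user claim cannot authorize anything; reject it
  // rather than leaving req.user undefined for requireRole below.
  if (!decoded || !decoded.user) {
    return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
  }

  req.user = decoded.user;
  next();
};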
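/**
 * Build an Express middleware that first authenticates the request (via
 * requireValidToken) and then lets it through only if the authenticated user
 * holds `role` or the admin role (`roles.admin`).
 *
 * @param {string} role  role name the route requires (e.g. 'ROLE_ADMIN')
 * @returns {function(req, res, next)} Express middleware
 */
var requireRole = function(role) {
  return function(req, res, next) {
    // requireValidToken answers the request itself on failure and invokes the
    // callback only after setting req.user from the verified token.
    requireValidToken(req, res, function() {
      var user = req.user;

      // Require both a user and a role before comparing: a valid token whose
      // payload has no user would otherwise throw on `req.user.role`, and an
      // undefined user role compared with `==` would match an undefined `role`
      // argument and grant access to a requireRole() call without arguments.
      var granted = !!user && !!user.role &&
        (user.role === roles.admin || user.role === role);

      if (!granted) {
        return res.status(403).send({
          success: false,
          message: "Token valid, but you don't have the right permission to access this resource :)"
        });
      }

      next();
    });
  };
};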
// Public surface of this module: the token check and the role-check factory.
var middleware = {
  requireValidToken: requireValidToken,
  requireRole: requireRole
};
module.exports = middleware;