A permissions system for Node and Express
include the troll library and setup any of the strategies you want to include.
You can make your own strategy functions or use some of the premade ones
var trollbridge = require('trollbridge');trollbridge.addStrategies([
trollbridge.PREMADESTRATEGIES.PASSPORT,
require('./myownstrategy')
]);When creating routes, add a middleware for each route you want to secure
app.get('/user/edit', trollbridge.shallNotPass('edit_user'), userEditFunct));You can also include a locals variable for templating languages
app.use(function(req, res, next) {
res.locals.has_permission = trollbridge.layoutHasPermission(req);
next();
})and then in your template
{% if has_permission('edit_user') %}
<a href="/user/edit">Edit User</a>
{% endif %}Strategies will throw an error if they are unable to be authenticated.
//sample strategy
module.exports = function(req, permission) {
if (!req.isAuthenticated()) {
throw "User is not authenticated";
}
if (typeof req.user === 'undefined' || req.user == null) {
throw "Should not be able to login";
}
}