javascript - public/private rest API - Stack Overflow

I'm building a REST JSON Api in Node.js with the Express.js framework. For authentication I use HTTP basic. This is my code so far:

var express = require('express');
var app = express();

app.configure(function(){
  app.use(express.bodyParser());
});

// Http basic auth.

app.use(function(req, res, next){
  if(req.headers.authorization && req.headers.authorization.search('Basic ') === 0){
    var header = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString();
    var headerSplit = header.split(':');
    var username = headerSplit[0];
    var password = headerSplit[1];

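    if(username && password && (username.length >= 4 && password.length >= 2)){
        if(auth(username, password)){
          next(); return;
        } else {
          res.send('Authentication required', 401);
        }
    } else {
        // Missing or too-short credentials: answer instead of leaving the request hanging.
        res.send('Authentication required', 401);
    }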
  } else {
    res.header('WWW-Authenticate', 'Basic realm="Login with username/password"');
    res.send('Authentication required', 401);
  }
});

// Public
app.post('/restore-password', function(req, res){
});

// Public
app.get('/search', function(req, res){
});

// Public
app.post('/users', function(req, res){
});

// Private
app.get('/user', function(req, res){
});

// Private
app.get('/protected-data', function(req, res){
});

How could I properly separate public and private functions in my REST API? I hope my question is clear.

Thanks for help.

asked Aug 6, 2012 at 14:20 by onlineracoon; edited Aug 6, 2012 at 14:25 by Filburt
  • 1 @helmus ... call it what you want, I call it functions, my bike has functions, my api too, what a useless comment. – onlineracoon Commented Aug 6, 2012 at 14:23
  • sorry didn't mean to be rude, just wanna keep things clear, check out this thread for possibly more adequate info stackoverflow.com/questions/7551/… – Willem D'Haeseleer Commented Aug 6, 2012 at 14:27
  • @onlineracoon What do you mean by public/private? And what exactly do you want to separate? – freakish Commented Aug 6, 2012 at 14:28
  • @freakish I mean, when users login they have access to "private" functionality of the API, when users are not logged in they can only do certain things (login, signup, restore-password etc.) – onlineracoon Commented Aug 6, 2012 at 14:32
1 Answer

Don't use app.use because it adds the middleware to all routes. Define your authentication handler like this:

function authentication_required(req, res, next){
    // The other authentication code goes here.
};

And now in every route you can do (for example) this:

// Public
app.post("/restore-password", function(req, res) {
    console.log( "No need for authentication!" );
});

// Private (add authentication_required middleware to the route)
app.get("/settings", authentication_required, function(req, res) {
    console.log( "I'm authenticated, so I can read this!" );
});
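
The per-route guard described in the answer, filled in as an added example (not code from the original question or answer). `parseBasic`, `authenticationRequired`, `dispatch`, `basic` and the sample user are hypothetical names; `dispatch` stands in for Express's per-route handler chain so the block runs without Express installed.

```javascript
// Parse "Authorization: Basic <base64(user:pass)>"; returns null when malformed.
function parseBasic(header) {
  var m = /^Basic +([A-Za-z0-9+\/=]+)$/i.exec(header || '');
  if (!m) return null;
  var decoded = Buffer.from(m[1], 'base64').toString('utf8');
  var sep = decoded.indexOf(':');   // only the first colon separates the fields;
  if (sep < 1) return null;         // the password may itself contain ':'
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Build the guard for private routes. `auth(username, password)` is the
// question's credential check, passed in (assumed to return true or false).
function authenticationRequired(auth) {
  return function (req, res, next) {
    var creds = parseBasic(req.headers.authorization);
    if (creds && creds.password && auth(creds.username, creds.password)) {
      req.user = creds.username;
      return next();
    }
    // Every failure path answers, so a bad header never leaves the request hanging.
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="Login with username/password"');
    res.end('Authentication required');
  };
}

// Hypothetical stand-in for a route's handler chain: run handlers in order and
// stop as soon as one does not call next(). Returns the fake response object.
function dispatch(handlers, headers) {
  var req = { headers: headers };
  var res = { statusCode: 200, headers: {}, body: '',
    setHeader: function (k, v) { this.headers[k] = v; },
    end: function (b) { this.body = b; } };
  var i = 0;
  (function next() { if (i < handlers.length) handlers[i++](req, res, next); })();
  return res;
}

// Constructed sample data: one user, one public route, one private route.
var guard = authenticationRequired(function (u, p) { return u === 'alice' && p === 'pa:ss'; });
var publicRoute = [function (req, res) { res.end('search results'); }];
var privateRoute = [guard, function (req, res) { res.end('data for ' + req.user); }];
function basic(u, p) {
  return { authorization: 'Basic ' + Buffer.from(u + ':' + p).toString('base64') };
}
```

In an Express app the same guard is attached per route, as in the answer: `app.get('/protected-data', authenticationRequired(auth), handler)`.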