How to create route based security policy in Sails js?
I have a Sails js application for 3 user groups, site admin, private user and public user.
Now url template looks like below for Admin,
'get /admin/foo': 'fooController.viewAll',
'post /admin/foo': 'fooController.add',
'put /admin/foo/:fooID': 'fooController.edit',
Url template for authenticated user,
'get /businesses/foo': 'fooController.viewAll',
'post /businesses/foo': 'fooController.add',
'put /businesses/foo/:fooID': 'fooController.edit',
Url template for public user,
'get /public/foo': 'fooController.viewAll',
I want to have a url pattern based user authentication policy, if the url is like / admin, does it check that the user is an admin? else if / business checks if the user is our existing user or not.
+3
source to share
1 answer
The request object has a field named originalUrl
. You can access it in your policy and decide depending on the url. The policy will look like this. [I am assuming you know how to define the policy and add it to the configuration.]
module.exports = function(req, res, next) {
var originalUrl = req.originalUrl;
var tokenizedOriginalUrl = originalUrl.split('/');
if(tokenizedOriginalUrl[0] == 'admin'){
// do something
next(null);
}
else if(tokenizedOriginalUrl[0] == 'business'){
// do something
next(null);
}
else if(tokenizedOriginalUrl[0] == 'public'){
// do something
next(null);
}
else{
next("Access prohibited.");
}
};
+2
source to share