I'm learning express and am currently writing an API, and have this structure:
app.route('/api/brief/:_id')
.get(function(req, res, next) {
// Check if the _id is a valid ObjectId
if (mongoose.Types.ObjectId.isValid(req.params._id)) {
// Do something
}else{
// Error
}
})
.put(function(req, res, next) {
// Check if the _id is a valid ObjectId
if (mongoose.Types.ObjectId.isValid(req.params._id)) {
// Do something
}else{
// Error
}
})
.delete(function(req, res, next) {
// Check if the _id is a valid ObjectId
if (mongoose.Types.ObjectId.isValid(req.params._id)) {
// Do something
}else{
// Error
}
});
Ideally I'd like to avoid the repetition (checking the validity of the ID).
Is there a way that I can structure the route as to avoid that repetition?
There are a few ways you can approach it. There is the app.all() method:
app.all("/api/*", function(req, res, next) {
if (req.params._id) {
if (mongoose.Types.ObjectId.isValid(req.params._id)) {
return next();
}
else {
// error handle
}
}
next();
});
Personally, I don't like catch-alls. I'd rather be more explicit:
function validateMongooseId (req, res, next) {
if ( mongoose.Types.ObjectId.isValid(req.params._id) ) {
return next();
}
else {
// error handle
}
}
function handleGet(req, res, next) {}
function handlePost(req, res, next) {}
function handlePut(req, res, next) {}
app.post("/api/brief", handlePost);
app.get("/api/brief/:_id", validateMongooseId, handleGet);
app.put("/api/brief/:_id", validateMongooseId, handlePut);
I put the .post() in there to demonstrate why I don't like the catch-all. It clearly doesn't apply to that endpoint. You may have other middleware functions that apply to it, so I'd rather explicitly have them on the endpoints that use them.
Related
I have a doubt about middelware in express.
I want to many thinks in one middleware. For example
I have this code y me middleware
module.exports = function(req,res,next) {
if(req.method === 'GET') {
res.end('GET method not supported');
} else {
next();
}
};
and I use it like this
app.route('/', <the_middleware>, (res, req, next) => {
// Code
})
But I am wondering if is possible to do something like this
app.route('/', <the_middleware>.<the function1>, (res, req, next) => {
// Code
})
app.route('/', <the_middleware>.<the_function2>, (res, req, next) => {
// Code
})
is there a possiblitity to do something like
function function1 (req,res,next) {
if(req.method === 'GET') {
res.end('GET method not supported');
} else {
next();
}
};
function function2 (req,res,next) {
if(req.method === 'GET') {
res.end('GET method not supported');
} else {
next();
}
};
module.exports = <I don`t know what go here>
Thanks.
Update. IT works, my code now is
The router
router.post('/', checkAuth.sayHi, checkAuth.sayBye, (req, res, next) => {
console.log('good');
res.status(200).send('it works');
console.log('yes');
});
The middleware
module.exports = {
sayHi(req, res, next) {
console.log('hi');
next();
},
sayBye(req, res, next) {
console.log('bye')
next();
}
};
You can just export an object containing both functions:
module.exports = {
function1,
function2
}
I am following a middleware chaining example from this question.
I have a route app.put('/users/:id', isAuthenticated, (req, res) => {db.updateUser(req.params.id, req.body)}. I am trying to write a middleware function that verifies that the ID provided in the URL matches the ID retrieved from the JWT included with the request.
I already have a function isAuthenticated that verifies the JWT and sets res.locals.userId to the UID retrieved; so I would like to simply make use of that in this new function canModifyTarget but for some reason the request hangs forever:
// This function works fine
isAuthenticated: function(req, res, next) {
let token;
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
token = req.headers.authorization.split(' ')[1];
admin.auth().verifyIdToken(token).then((decodedToken) => {
res.locals.userId = decodedToken.uid;
return next();
}).catch((error) => {
return res.status(HttpStatus.UNAUTHORIZED).send();
})
}
}
// Switching out isAuthenticated for this in the route causes a permanent hang
canModifyTarget: function(req, res, next) {
console.log('This is printed');
return (req, res, next) => {
console.log('This is NOT printed');
isAuthenticated(req, res, () => {
if (req.params.id === res.locals.userId) {
return next();
}
return res.status(HttpStatus.FORBIDDEN).send();
})
}
}
middlewares should be callback functions that call "next()" once finished.
Your first function, when executed, is calling next() (eventually, after your promise is resolved)
Your second function isn't calling next(), it is just returning a function definition.
Define it like this
canModifyTarget: function(req, res, next) {
isAuthenticated(req, res, () => {
if (req.params.id === res.locals.userId) {
return next();
}
return res.status(HttpStatus.FORBIDDEN).send();
})
}
}
and if the third parameter of isAuthenticated is a callback, it should work
Also, you should define an "else" case in your isAuthenticated function, otherwise it will hang as well (maybe throw an exception or something?)
If you need to reference them, store them in variables rather than directly defining them in your module.exports:
const isAuthenticated = function(req, res, next) {
// code here
}
const canModifyTarget: function(req, res, next) {
// code here
}
module.exports = {
isAuthenticated,
canModifyTarget,
};
I think simpler is to define canModifyTarget as one more middleware. I.e:
function canModifyTarget(req, res, next) {
console.log('This is NOT printed');
if (req.params.id === res.locals.userId) {
return next();
}
return res.status(HttpStatus.FORBIDDEN).send();
}
and then just apply it after isAuthenticated middleware:
app.put(
'/users/:id',
isAuthenticated,
canModifyTarget,
(req, res) => {db.updateUser(req.params.id, req.body)}
);
Hope it helps.
I am just writing a solution where I needed to unify two kind of auth middlewares: password-based and apikey-based into one middleware: unifiedOrgAuth middleware.
So, basically this would enable me to just put unifiedOrgAuth middleware on those routes which need either the password-based or apikey-based auth.
The key thing was to pass the next function from the umbrella middleware to the underlying middleware by just calling the underlying middleware with the next function of the umbrella middleware:
unified auth middleware:
function unifiedOrgAuthMiddleware(
path: string,
perm: Permission
): express.RequestHandler {
return async (req: RequestWithOrg, _res: Response, next: NextFunction) => {
const cookies = req.cookies;
if (cookies && cookies.Authorization) {
(userAuthMiddleware(path, perm))(req, _res, next);
return;
}
const apiKey = req.header('X-API-KEY');
if (apiKey && apiKey.length > 0) {
(apiAuthMiddleware(path, perm))(req, _res, next);
return;
}
return next(new Error401Exception());
// Make linter happy.
};
}
Here are the underlying middlewares:
password-based auth middleware:
function userAuthMiddleware(
path: string,
perm: Permission
): express.RequestHandler {
return async (req, _res, next) => {
try {
const cookies = req.cookies;
if (!(cookies && cookies.Authorization)) {
next(new Error401Exception());
// Make linter happy.
return;
}
if (!validCookies(cookies)) {
next(new Error401Exception());
// Make linter happy.
return;
}
} catch (error) {
next(new Error401Exception());
// Make linter happy.
return;
}
next();
};
}
api-based auth middleware:
function apiAuthMiddleware(
path: string,
perm: Permission
): express.RequestHandler {
return async (req: RequestWithOrg, _res: Response, next: NextFunction) => {
const apiKey = req.header('X-API-KEY');
if (!apiKey) {
next(new Error401Exception());
// Make linter happy.
return;
}
if (!validApiKey(apiKey)) {
next(new Error401Exception());
// Make linter happy.
return;
}
next();
};
}
I am trying to check the authentication status with req.isAuthenticated() and then return ensureAuthenticated as true or false. My issue is nothing is logged in the console it seems like my ensureAuthenticated function is not running correctly.
app.get('/', ensureAuthenticated, function (req, res) {
if (ensureAuthenticated()) {
console.log('logged in')
} else {
console.log('not logged')
}
});
function ensureAuthenticated(req, res, next) {
Authenticate();
function Authenticate() {
if (req.isAuthenticated()) {
return true;
} else {
return false;
}
}
return Authenticate;
}
You aren't returning your value from ensureAuthenticated. Assuming everything in this is synchronous, then you can do this:
function ensureAuthenticated(req, res, next) {
function Authenticate() {
if (req.isAuthenticated()) {
return true;
} else {
return false;
}
}
return Authenticate();
}
Or, you can get rid of the internal function entirely:
function ensureAuthenticated(req, res, next) {
return req.isAuthenticated();
}
But, it's unclear what you think you're accomplishing by returning true or false from your middleware handler. What are you actually trying to accomplish with the ensureAuthenticated handler?
You can see middleware examples here in the Express doc. A typical middleware handler will either send a response or will call next() to pass control down the chain to the next handler.
Currently I am working on a nodeJS API, I have a model, and that model can have Media items, as you can see in my code here:
router.get('/:id', function(req, res, next) {
qbuilder.byId(Model,req)
.exec(
function(err,model){
Media.count({'model.entity': model._id}, function(err, media){
if(media){
console.log(media);
}
});
model.total_media = 15;
responders.sendJsonOrError(err, res, model, next);
});
});
Problem is, that the code:
model.total_media = 15;
Is not showing up in the responder, which is strange, because if I clean the object with: model = []; it returns empty.
Once I add lean() to my query, it returns the total_media in the responder, but then I get the problem that when I do like this:
router.get('/:id', function(req, res, next) {
qbuilder.byId(Model,req)
.exec(
function(err,model){
Media.count({'model.entity': model._id}, function(err, media){
if(media){
model.total_media = media;
}
});
responders.sendJsonOrError(err, res, model, next);
});
});
It is not populating the total_media, is there any other way to do this correctly?
Try with this. The response is sending before you assign values.
router.get('/:id', function(req, res, next) {
qbuilder.byId(Model,req)
.lean().exec(
function(err,model){
Media.count({'model.entity': model._id}, function(err, media){
if(media){
model.total_media = media;
}
responders.sendJsonOrError(err, res, model, next);
});
});
});
Hello guys here is my code:
function get_group(req, res, next) {
var send_result = function(err, group_list) {
[...]
res.send(group_list);
return next();
};
Group.findOne({'_id': req.params._id}, send_result);
}
Now how can I implement the async library (caolan) using async.series and combine the findOne() with send_result, the code as it is look pretty disorganised to me.
EDIT1:
I used this strategy but I am not sure is correct, any suggestion?
function get_group(req, res, next) {
async.waterfall([
function(callback) {
Group.findOne({'_id': req.params._id}, callback);
}
],
function (err, group_list){
res.send(group_list);
return next();
});
}
Any suggestion?
For what they call routes in Express.js you actually almost never need to use the async library. The reason is that routes are actually a sort of control flow them self. They take as many middleware as you want so you can divide your routes into small blocks of code.
For example lets say you want to get one record/document from a database do something with it and then send it as json. Then you can do the following:
var getOne = function(req, res, next){
db.one( 'some id', function(err, data){
if (err){
return next( { type: 'database', error: err } );
};
res.local( 'product', data );
next();
});
};
var transformProduct = function(req, res, next){
var product = res.locals().product;
transform( product, function(data){
res.local('product', data);
next();
});
};
var sendProduct = function(req, res, next){
var product = res.locals().product;
res.json(product);
};
app.get( '/product', getOne, transformProduct, sendProduct );
If you write middleware for your routes like this you'll end up with small building blocks you can easily reuse throughout your application.