further refactoring of the route middlewares so they can be easily sh…

…ared amongst app routes
edwardysun · Jan 12, 2014 · dea044c · dea044c
1 parent 0afb2e6
commit dea044c
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 50 deletions.
diff --git a/app/routes/articles.js b/app/routes/articles.js
@@ -1,14 +1,24 @@
 'use strict';
 
-module.exports = function(app, passport, auth) {
-
-    // Article Routes
-    var articles = require('../controllers/articles');
+// Articles routes use articles controller
+var articles = require('../controllers/articles');
+var authorization = require('./middlewares/authorization');
+
+// Article authorization helpers
+var hasAuthorization = function(req, res, next) {
+	if (req.article.user.id != req.user.id) {
+        return res.send(401, 'User is not authorized');
+    }
+    next();
+}
+
+module.exports = function(app, passport) {
+
     app.get('/articles', articles.all);
-    app.post('/articles', auth.requiresLogin, articles.create);
+    app.post('/articles', authorization.requiresLogin, articles.create);
     app.get('/articles/:articleId', articles.show);
-    app.put('/articles/:articleId', auth.requiresLogin, auth.article.hasAuthorization, articles.update);
-    app.del('/articles/:articleId', auth.requiresLogin, auth.article.hasAuthorization, articles.destroy);
+    app.put('/articles/:articleId', authorization.requiresLogin, hasAuthorization, articles.update);
+    app.del('/articles/:articleId', authorization.requiresLogin, hasAuthorization, articles.destroy);
 
     // Finish with setting up the articleId param
     app.param('articleId', articles.article);

diff --git a/app/routes/index.js b/app/routes/index.js
@@ -1,6 +1,6 @@
 'use strict';
 
-module.exports = function(app, passport, auth) {
+module.exports = function(app, passport) {
 
     // Home route
     var index = require('../controllers/index');

diff --git a/app/routes/middlewares/authorization.js b/app/routes/middlewares/authorization.js
@@ -0,0 +1,11 @@
+'use strict';
+
+/**
+ * Generic require login routing middleware
+ */
+exports.requiresLogin = function(req, res, next) {
+    if (!req.isAuthenticated()) {
+        return res.send(401, 'User is not authorized');
+    }
+    next();
+};
diff --git a/app/routes/users.js b/app/routes/users.js
@@ -1,9 +1,18 @@
 'use strict';
 
-module.exports = function(app, passport, auth) {
-
-    // User Routes
-    var users = require('../controllers/users');
+// User routes use users controller
+var users = require('../controllers/users');
+
+// User authorization helpers
+var hasAuthorization = function(req, res, next) {
+    if (req.profile.id != req.user.id) {
+        return res.send(401, 'User is not authorized');
+    }
+    next();
+}
+
+module.exports = function(app, passport) {
+
     app.get('/signin', users.signin);
     app.get('/signup', users.signup);
     app.get('/signout', users.signout);

diff --git a/config/middlewares/authorization.js b/config/middlewares/authorization.js
diff --git a/server.js b/server.js
@@ -19,7 +19,6 @@ process.env.NODE_ENV = process.env.NODE_ENV || 'development';
 
 // Initializing system variables 
 var config = require('./config/config'),
-    auth = require('./config/middlewares/authorization'),
     mongoose = require('mongoose');
 
 // Bootstrap db connection
@@ -58,9 +57,12 @@ var walk = function(path) {
         var stat = fs.statSync(newPath);
         if (stat.isFile()) {
             if (/(.*)\.(js$|coffee$)/.test(file)) {
-                require(newPath)(app, passport, auth);
+                require(newPath)(app, passport);
             }
-        } else if (stat.isDirectory()) {
+        // We skip the app/routes/middlewares directory as it is meant to be
+        // used and shared by routes as further middlewares and is not a 
+        // route by itself
+        } else if (stat.isDirectory() && file !== 'middlewares') {
             walk(newPath);
         }
     });