Closed moxious closed 8 years ago
@moxious you can protect your endpoints the same way you would otherwise with express. You can install a global initial authentication hook, you can install create a top level route to what your epilogue resources will use (e.g. /api/user), or you can use epilogue milestones. We even provide an auth
milestone for this explicit task:
var users = rest.resource({ model: User });
users.list.auth(function(req, res, context) {
// authenticate
});
or you can authenticate wherever you want, this is from the docs:
users.list.fetch.before(function(req, res, context) {
passport.authenticate('bearer', function(err, user, info) {
if (err) {
res.status(500);
return context.stop();
}
if (user) {
context.continue();
} else {
context.error(new ForbiddenError());
}
});
});
thank you; I had some trouble with the milestone documentation in that using "fetch" didn't seem appropriate, auth seems to be what I'm looking for (to protect all instances of and endpoint irrespective of method) but the documentation mentions the existence of auth but doesn't provide examples or description.
So it seems what I probably want is users.all.auth
Reading through the docs and the code, this is not apparent; I'm using
passport
but there are a number of other strategies.How can I reuse existing express middleware like passport in order to protect endpoints that I create via epilogue?
My experience is that I give epilogue a reference to my app when I initialize it, but it's unclear how it's using routes or how I can modify that to do this.