node-casbin / express-authz

express-authz is an authorization middleware for Express.js based on Casbin
https://casbin.org
Apache License 2.0

Is the example made for session or jwt? #5

Closed federicosan closed 5 years ago

federicosan commented 5 years ago

I don't understand this part

https://github.com/node-casbin/express-authz/blob/f26ab2fe2c218ef0f97b5fbaf2e74e5d465c114a/test/server.js#L21-L26

Are you just trying to get the logged-in username? Why save it to req.user and not req.locals.user or req.locals.currentUser?

hsluoyz commented 5 years ago

Hi @federicosan ,

This is because in the authz plugin, we assume the username is stored in req.user and the Casbin enforcer will read it. You can modify the following getUserName() function to get the username string from anywhere you like.

https://github.com/node-casbin/express-authz/blob/e43c0f16294c691eb945e331e332dc7e544065df/authz.js#L41-L48

federicosan commented 5 years ago

Hi @hsluoyz, thank you for your reply. I am not that experienced in Express, but it seems the Express way to pass data around between middleware is to use req.locals, see it here -> https://expressjs.com/es/api.html#res.locals
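The two comments above discuss where the authorization middleware finds the username: `req.user` by default, or another location if the lookup function is replaced. The sketch below is an added example, not part of the thread and not the express-authz source. `makeAuthz`, `checkPolicy`, `POLICY`, `fromReqUser`, `fromResLocals` and `run` are hypothetical names, and the policy table is constructed sample data standing in for a Casbin enforcer; the alternative lookup reads `res.locals`, the Express API at the linked page.

```javascript
// Added example: stand-alone sketch, not the express-authz implementation.
// POLICY is constructed sample data standing in for a Casbin enforcer.
const POLICY = [
  { sub: 'alice', obj: '/dataset1', act: 'GET' },
  { sub: 'bob', obj: '/dataset2', act: 'POST' },
];

function checkPolicy(sub, obj, act) {
  return POLICY.some((p) => p.sub === sub && p.obj === obj && p.act === act);
}

// Default lookup, as described in the thread: the username lives on req.user.
const fromReqUser = (req, res) => req.user;
// Alternative lookup: an earlier middleware stored it on res.locals.user.
const fromResLocals = (req, res) => res.locals && res.locals.user;

function makeAuthz(getUserName = fromReqUser) {
  return function authz(req, res, next) {
    const user = getUserName(req, res);
    // Fail closed: a missing or non-string identity is denied before any
    // policy lookup, and a policy miss is denied the same way.
    const known = typeof user === 'string' && user.length > 0;
    if (!known || !checkPolicy(user, req.path, req.method)) {
      res.statusCode = 403;
      return res.end('Forbidden');
    }
    return next();
  };
}

// Minimal request/response doubles so the sketch runs without Express.
function run(middleware, req, locals = {}) {
  const res = { locals, statusCode: 200, end() {} };
  let passed = false;
  middleware(req, res, () => { passed = true; });
  return passed ? 200 : res.statusCode;
}

const viaReqUser = makeAuthz();
const viaLocals = makeAuthz(fromResLocals);
const get1 = { path: '/dataset1', method: 'GET' };
console.log(run(viaReqUser, { ...get1, user: 'alice' }));  // identity on req.user
console.log(run(viaLocals, get1, { user: 'alice' }));      // identity on res.locals
console.log(run(viaLocals, { ...get1, user: 'alice' }));   // lookup and storage disagree
```

The last call shows the failure mode when the authentication middleware and the lookup function disagree on the location: the identity is not found and the request is denied rather than evaluated as an anonymous subject.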

hsluoyz commented 5 years ago

@nodece

hsluoyz commented 5 years ago

Hi @federicosan , we have a PR to solve this issue: https://github.com/node-casbin/express-authz/pull/6

Is it what you want?

federicosan commented 5 years ago

@hsluoyz Sorry for the delay, yes that's it!

hsluoyz commented 5 years ago

Nice. Close this issue now.