Express framework, ~30 mins

Permission middleware in Express - Mini Project: Build & Apply

📖 Scenario: You are building a simple Express server that controls access to certain routes based on user roles. Users have roles like 'admin' or 'user'. You want to create a middleware function that checks if the user has permission to access a route.
🎯 Goal: Create a permission middleware function that checks if the logged-in user has the required role to access a route. Then apply this middleware to protect a route.
📋 What You'll Learn
Create an Express app with a sample user object
Define a required role variable for permission checking
Write a middleware function called checkPermission that checks the user's role
Use the checkPermission middleware on a protected route
💡 Why This Matters
🌍 Real World
Permission middleware is used in web servers to control access to routes based on user roles or permissions, ensuring security and proper authorization.
💼 Career
Understanding middleware and permission checks is essential for backend developers working with Express or similar frameworks to build secure APIs.
Step 1: Create a sample user object
Create a variable called user that is an object with these exact properties: name set to 'Alice' and role set to 'user'.

Hint: Use const user = { name: 'Alice', role: 'user' };

Step 2: Define the required role variable
Create a variable called requiredRole and set it to the string 'admin'.

Hint: Use const requiredRole = 'admin';

Step 3: Write the permission middleware function
Write a middleware function called checkPermission that takes req, res, and next as parameters. Inside it, check if user.role is equal to requiredRole. If yes, call next(). Otherwise, respond with status 403 and JSON message { error: 'Access denied' }.

Hint: Check the user's role and call next() if allowed, else send a 403 response.

Step 4: Use the middleware on a protected route
Create an Express app by requiring express and calling express(). Then create a GET route at '/admin' that uses the checkPermission middleware. The route handler should respond with JSON { message: 'Welcome admin' }.

Hint: Use app.get('/admin', checkPermission, (req, res) => { ... }) to protect the route.
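
The four steps above, generalized into a reusable form, as an added example that is not part of the original tutorial. It goes beyond the single hard-coded user and requiredRole by reading the role from each request and failing closed when no user is present. The names requireRole, mockRes and run, and the assumption that an earlier authentication middleware sets req.user, are introduced here for illustration.

```javascript
// Added example, not the tutorial's code. Assumption: an earlier
// authentication middleware has set req.user = { name, role }.

// Factory returning Express-style middleware that admits only the listed roles.
function requireRole(...allowedRoles) {
  if (allowedRoles.length === 0) {
    throw new Error('requireRole needs at least one role'); // fail at startup
  }
  const allowed = new Set(allowedRoles);
  return function checkPermission(req, res, next) {
    const user = req.user;
    // No authenticated user on the request: fail closed with 401.
    if (!user || typeof user.role !== 'string') {
      return res.status(401).json({ error: 'Authentication required' });
    }
    // Exact, case-sensitive match against the allow-list.
    if (!allowed.has(user.role)) {
      return res.status(403).json({ error: 'Access denied' });
    }
    return next();
  };
}

// Stand-in for Express's res object (constructed for this example) so the
// middleware can be exercised without a running server.
function mockRes() {
  return {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Runs a middleware against a constructed request and reports the outcome.
function run(middleware, req) {
  const res = mockRes();
  let passed = false;
  middleware(req, res, () => { passed = true; });
  return { passed, status: passed ? null : res.statusCode, body: res.body };
}

const adminOnly = requireRole('admin');
console.log(run(adminOnly, { user: { name: 'Alice', role: 'user' } }));
console.log(run(adminOnly, { user: { name: 'Bob', role: 'admin' } }));
console.log(run(adminOnly, {})); // unauthenticated request
// Express wiring: app.get('/admin', requireRole('admin'), handler);
```

Because the role set is bound when the route is declared, each route states its own requirement and a request without a user never reaches the handler.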