Authorizing APIs with Custom Middleware
With passportâs Google strategy set up and Redis configured to store session information, weâre in position to develop some protected user APIs. Unlike the book and bundle APIs we developed in the last chapter, these APIs will provide access to information specifically for logged-in users.
Here are the endpoints weâll create, and the HTTP verbs theyâll support. They all return JavaScript Object Notation (JSON):
-
/api/user (GET)âBasic information about the user (like the userâs identifier)
-
/api/user/bundles (GET)âObject that maps bundle IDs to bundle names
-
/api/user/bundles (PUT)âOverwrites the bundle mapping object with the provided JSON body
Implementing these APIs will give us a chance ...
Get Node.js the Right Way now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.