Added extra url end-points for checking authentication and authorization

dilgerma · Oct 15, 2012 · 2f951a7 · 2f951a7
1 parent 35f271c
commit 2f951a7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/lib/security.js b/lib/security.js
@@ -39,6 +39,7 @@ var security = {
   },
   sendCurrentUser: function(req, res, next) {
     res.json(200, filterUser(req.user));
+    res.end();
   },
   login: function(req, res, next) {
     function authenticationFailed(err, user, info){

diff --git a/server.js b/server.js
@@ -67,6 +67,16 @@ app.post('/logout', security.logout);
 // Retrieve the current user
 app.get('/current-user', security.sendCurrentUser);
 
+// Retrieve the current user only if they are authenticated
+app.get('/authenticated-user', function(req, res) {
+  security.authenticationRequired(req, res, function() { security.sendCurrentUser(req, res); });
+});
+
+// Retrieve the current user only if they are admin
+app.get('/admin-user', function(req, res) {
+  security.adminRequired(req, res, function() { security.sendCurrentUser(req, res); });
+});
+
 // This route deals enables HTML5Mode by forwarding missing files to the index.html
 app.all('/*', function(req, res) {
   // Just send the index.html for other files to support HTML5Mode