Hey all!

As I'm starting with Backend development, I've decided to go with Node + Express for creating a REST API. I find the concept of middleware quite powerful, and similarly to the common one used to validate if a user is authenticated, I'm trying to figure out how to build one that checks if a user is Authorized to perform an action on a specific resource, without the need to perform a DB search to find if that resource belongs to a user.

Let's take as an example a REST API that allows a user to have a collection of Books. Each Book has Pages associated with it. If a user wants to create a new Page, following best practices it would perform a POST /books/{bookId}/pages request. Is there any way to check if the authenticated user is the owner of the Book with ID bookId?
Submitted February 15, 2020 at 07:38PM by JoeDeSouza
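
An ownership check for the POST /books/{bookId}/pages route described in the post, written as Express-style middleware; this is an added example, not code from the original post. It assumes an earlier authentication middleware sets req.user.id, and it does perform one keyed owner lookup (here a synchronous in-memory Map); findBookOwner, requireOwner, simulate, authenticate and createPage are hypothetical names.

```javascript
// Constructed sample data standing in for the books table: bookId -> ownerId.
const bookOwners = new Map([
  ['b1', 'alice'],
  ['b2', 'bob'],
]);

// Hypothetical lookup. With a real database this would fetch only the owner
// column by primary key (and would normally be asynchronous).
function findBookOwner(bookId) {
  return bookOwners.get(bookId);
}

// Factory: returns middleware that calls next() only when req.user owns
// the resource identified by req.params[paramName].
function requireOwner(paramName, findOwner) {
  return function (req, res, next) {
    // Assumption: authentication middleware ran first and set req.user.
    if (!req.user || !req.user.id) {
      return res.status(401).json({ error: 'not authenticated' });
    }
    const ownerId = findOwner(req.params[paramName]);
    // Same 404 for "does not exist" and "belongs to someone else", so the
    // response does not reveal which book IDs are valid.
    if (ownerId === undefined || ownerId !== req.user.id) {
      return res.status(404).json({ error: 'book not found' });
    }
    next();
  };
}

// Minimal stand-ins for Express req/res so the middleware runs without a server.
function simulate(userId, bookId) {
  const result = { status: null, body: null, passed: false };
  const req = { user: userId ? { id: userId } : undefined, params: { bookId } };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  requireOwner('bookId', findBookOwner)(req, res, () => { result.passed = true; });
  return result;
}

// Wiring in an Express app (authenticate and createPage are hypothetical):
// app.post('/books/:bookId/pages', authenticate,
//          requireOwner('bookId', findBookOwner), createPage);
```
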