Protecting user routes

We will add requireSignin and hasAuthorization to the user route declarations that need to be protected with authentication, authorization, or both.

Update the read, update, and delete routes in user.routes.js as follows.

mern-skeleton/server/routes/user.routes.js:

import authCtrl from '../controllers/auth.controller'
...
router.route('/api/users/:userId')
  .get(authCtrl.requireSignin, userCtrl.read)
  .put(authCtrl.requireSignin, authCtrl.hasAuthorization, userCtrl.update)
  .delete(authCtrl.requireSignin, authCtrl.hasAuthorization, userCtrl.remove)
...

The route to read a user's information only needs authentication verification, whereas the update and delete routes should check for both authentication and authorization before these CRUD operations are executed.
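
The access rules these declarations produce can be checked without a running server. The following is an added example, not code from the project: requireSignin and hasAuthorization here are stand-ins written for this sketch, using a hypothetical HMAC-signed token format and a constructed secret, and req.profile is assumed to already hold the user named by :userId.

```javascript
// Added example: stand-ins for the two middleware functions, not the project's auth.controller.
const crypto = require('crypto')

const SECRET = 'constructed-demo-secret' // assumption: demo key only
const sign = (id) => crypto.createHmac('sha256', SECRET).update(id).digest('hex')
const issueToken = (id) => `${id}.${sign(id)}` // hypothetical token format: "<userId>.<hmac>"

// Authentication: reject unless a validly signed bearer token is present.
function requireSignin (req, res, next) {
  const [id, mac] = (req.headers.authorization || '').replace(/^Bearer /, '').split('.')
  const expected = Buffer.from(sign(id || ''))
  const given = Buffer.from(mac || '')
  if (!id || given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return res.status(401).json({ error: 'Unauthorized' })
  }
  req.auth = { _id: id }
  next()
}

// Authorization: the signed-in user must be the user named in :userId.
function hasAuthorization (req, res, next) {
  if (!(req.profile && req.auth && String(req.profile._id) === String(req.auth._id))) {
    return res.status(403).json({ error: 'User is not authorized' })
  }
  next()
}

// Same middleware order as the route declarations; handlers reduced to a 200.
const ok = (req, res) => res.status(200).json({})
const routes = {
  GET: [requireSignin, ok],
  PUT: [requireSignin, hasAuthorization, ok],
  DELETE: [requireSignin, hasAuthorization, ok]
}

// Run a chain against a mock request and return the HTTP status it ends with.
function statusFor (method, userId, token) {
  const headers = token ? { authorization: `Bearer ${token}` } : {}
  const req = { headers, profile: { _id: userId } } // assumption: profile preloaded
  let code = null
  const res = { status: (c) => { code = c; return { json: () => {} } } }
  const step = (i) => routes[method][i](req, res, () => step(i + 1))
  step(0)
  return code
}
```

Calling statusFor with one user's token against another user's :userId shows the split: the read succeeds, while update and delete stop at hasAuthorization.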