Add api token in middleware using express.js and locomotive.js

Question

I'm building a rest api server that I will use with an angularjs frontend. I am trying to implement some middleware that runs on every request. For every request I want to check for an api token if present continuing checking if valid, if not present then return an unauthorized response without finishing the request.

The requests work before I try to add middleware, but as soon as I try to add middleware or catch the route before the main routes is when it times out.

http://localhost:3000/developer/test?api=fhgjtyd6fjrj4off6r4rhgjdldksrghiue750f
{
    response: {
        id: "test",
        api: "fhgjtyd6fjrj4off6r4rhgjdldksrghiue750f"
    }
}

Both of these routes will work, but I prefer the resource version. (http://locomotivejs.org/guide/routing/)

this.match('/developer', { controller: 'developer', action: 'show' });

this.resources('developer');

This is an example that I have been trying to follow because it looks like mostly what I need to do. (http://webapplog.com/intro-to-express-js-parameters-error-handling-and-other-middleware/), but currently every way I try to implement something like this it times out the routes. It will console.log() something in the method but it acts like it is waiting on something that it never gets. If I try to use the next() I get an undefined error and I do not want to inject the app into Authenticator or any other object.

function requiredParamHandler(param){
    //do something with a param, e.g., check that it's present in a query string
    return function (req,res, next) {
    //use param, e.g., if token is valid proceed with next();
        next();
    });
 }

 app.get('/api/v1/stories/:id', requiredParamHandler('token'), story.show);

     var story  = {
         show: function (req, res, next) {
             //do some logic, e.g., restrict fields to output
             return res.send();
         }
      } 

I started building an Auth module that will have the method in it to check and verify the api token.

var Authenticator = function () {

    this.requireApiToken = function() {
        console.log('requireApiToken');

    }

};

module.exports = Authenticator;  

I tried to do as express says to do in their api reference docs under

app.all(path, [callback...], callback)

app.all('/api/*', requireAuthentication);

I added that line above inside locomotives config/environments/all.js

auth = new Authenticator();
this.express.all('*', auth.requireApiToken);

But this is when the routes start timing out and I don't even get an error or anything;

I also tried using the regular routing method but it does the same thing.

this.match('/developer/:id', auth.requireApiToken, { controller: 'developer', action: 'show' });

I want to catch all routes coming to the server and check if an api token is present in the query string. If not present then send back an unauthorized response and if present do the checking and if all good continue to route to the correct route/controller. How do you accomplish this using locomotive and keeping the routes from timing out?

Answer 1

Your requireApiToken should act as a proper middleware, which is doesn't (it just console.log's something).

With middleware, you need to either send back a response, or continue running the middleware chain using the next function:

var Authenticator = function () {

  this.requireApiToken = function(req, res, next) {
    console.log('requireApiToken');
    next();
  };

};

module.exports = Authenticator;

Also, Locomotive copies some functions from Express so you can use them directly and don't have to use this.express to get them working. So this should work too (in config/environment/*.js):

var auth = new Authenticator;
this.use(auth.requestApiToken);