(Auth)entification and (Auth)orization middleware for express.js


Simple Authorization middleware for express.js.

Validates access to resources based on express route parameters.

npm install auther
var auther = require('auther');


app.get('/company/:cid', auther.isAuthorized('admin', 'managers'), companyRoutes.get)   

// With passport.js
var setupFacebook = function() {

    autheur.initUser(user, rolesToResourcesHash, function(err) {


var rolesToResourcesHash = {
    admin: function(user, cb) {
        var roleToResources = {}

        roleToResources['cid'] = [companyId];

        done(null, roleToResources);

For each role in your application, implament a load_XXX function. First argument is the user object created in the authentication phase. Populate the user.AOHash for each of the resource types.