Node-auth is an express middleware for authentication and authorization.
It creates a REST API with multiple endpoints. The default routes, which can be configured, are:
Besides creating these endpoints, it also creates an express middleware that intercepts all requests, and (default, can be overruled) blocks all unauthenticated users.
It is also very simple to create an XACML (eXtensible Access Control Markup Language)-like authorization system. It only resembles XACML in that you can use policy sets, with multiple policies, and each policy can have multiple rules that govern access to your resources. Each rule is typically formulated by specifying the SUBJECT that can take an ACTION on a RESOURCE.
The policy store allows you to create policy enforcers or guards to protect your resources. There is also one additional route for editing the policies.