npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

express-role-manager

v1.0.1

Published

#### Express middleware for simple authorization with multiple roles.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cmartinezdevcmartinezdev

Keywords

Readme

express-role-manager

Express middleware for simple authorization with multiple roles.

Easy and simple middleware for Express. Allows handling multiple commands based on the requester roles.

1. Installation

npm install --save express-role-manager

2. Usage

The module needs two steps to work. A configuration step, and the usage as middleware step.

2.1 Configuration

In this step, we can configure how the role manager get the roles from the request. We can also configure the command if there isn't a role match, and what the role manager have to do whit the role matches.

2.1.2 Initialization

In this step we create an instance of the express-role-manager.

// Import express-role-manager
var ExpressRoleManager = require('express-role-manager');

// Create instance
var erm = new ExpressRoleManager();

The constructor have one parameter, in which we can configure some default parameters. We can configure what to do when there isn't any role match ("defaultCommand") and if the middleware run all the commands that matches the roles or only the first one ("callAllCommands").

// Import express-role-manager
var ExpressRoleManager = require('express-role-manager');

// Options
var options = {
    defaultCommand: function(req, res, next) {
        res.sendStatus(403);
    },
    callAllCommands: false
}

// Create instance
var erm = new ExpressRoleManager(options);
2.2.3 Role getters

The second steps consist in configure how to get the roles from the request. To add a role getter we use the "addRoleGetter" function. We can use that function in two ways.

The first one consist on using a funcion as a parameter. That function must return a number or a string, or an Array of numbers or strings.

// Gets roles from token stored in request object
erm.addRoleGetter(function(req){
    return req.token.role;
});

The other way consist on using a key as first argument, and a funcion as a second arguments. If the function result evaluates to true, the key string will be added to the requester roles.

// Adds self role if the token id is equal to the tid parameter of the request.
erm.addRoleGetter("self", function(req){
    return req.token.id == req.params.tid;
});

You can add as many role getters as you want. All of them will be evaluated to get the list of roles of the request.

2.2 Middleware

After configure how to get the roles from the request we can use it as middleware. We have two different ways to do this using the "commandPerRole" function.

The first one is using an object as argument of the function. The keys of the object will be the roles, and the values the commands to run.

app.get('/test_1', erm.commandPerRole({
  admin: function(req, res, next){
    res.send("Command admin"); // If admin role in request
  },  
  user: function(req, res, next){
    res.send("Command user"); // If user role in request
  },
  self: function(req, res, next){
    res.send("Command self"); // If self role in request
  }
}));

The second way is using an array of objects as argument. Each one must have two propierties, an array of roles ("roles"), and the command to run if there is a role match ("command").

app.get('/test_2', erm.commandPerRole([
  {
    roles: ['user', 'self'],
    command: function(req, res, next) { // If user and self roles in request
      res.send('User modifying itself.')
    }
  },
  {
    roles: ['admin', 'self'],
    command: function(req, res, next) { // If admin and self roles in request
      res.send('Admin modifying itself.')
    }
  },
  {
    roles: ['admin'],
    command: function(req, res, next) { // If admin role in request
      res.send('Admin modifying other.')
    }
  }
]));

As can be seen in the example, each command is called with the req, res, next parameters of the request.

3. API