Middlewares

Thomas Lynch edited this page Oct 2, 2024 · 5 revisions

Middlewares and their use

  • useSession - Initialise session from cookie
  • useJWT - Initialise session from jwt
  • fetchSession - Fetch the account from the database based on the session identifier
  • checkSession - Check that the user is logged in, i.e. the previous fetchSession returned a user
  • onboardedMiddleware - Check if the user set their role and/or default model credentials
  • csrfMiddleware - Makes req.csrfToken() available to put in pages/json responses for GETs, or checks the _csrf body validity for POST/PUT/DELETE/etc
  • setPermissions - Set res.locals.permissions based on the current org/team context
  • hasPerms - Check if a single, or multiple (or/any) permissions are true
  • checkSubscriptionPlan - Check for a specific subscription plan
  • checkSubscriptionBoolean - Check if the subscription plan has a boolean set to true e.g. dataConnections in PricingMatrix
  • checkSubscriptionLimit - Check if a numeric usage value, e.g. users (number of team members), is below the limit in PricingMatrix
  • checkResourceSlug - Check if the :resourceSlug param (team id) is valid for the current user and set matchingTeam and matchingOrg locals
  • checkResourceSlug - Same thing, but checks a query string instead of the :resourceSlug param
  • setDefaultOrgAndTeam - Set matchingTeam and matchingOrg locals based on the currentTeam from the session account.

Important locals

Note: all of these are keys under res.locals e.g. account -> res.locals.account.

  • account - The authenticated user's account, with some fields projected away; set by fetchSession
  • stripe - The stripe property from the account of the org owner in the current context, or from the current account on routes that have no team/org context; set by checkSubscription
  • data - Temporary data that is passed to the page props by getServerSideProps in SSR'd pages; set in the controllers
  • limits - Limits based on the current subscription and team/org context; set by checkSubscription
  • matchingTeam - Team of the current request context (note: _id prop is renamed to id); set by checkResourceSlug and similar
  • matchingOrg - Org of the current request context (note: _id prop is renamed to id); set by checkResourceSlug and similar
  • permissions - Permissions of the user in the current request context; set by setPermissions
  • permissions - Permissions of the user in the current request context, set by setPermissions
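
Several of these middlewares only work when an earlier one has already filled in its local (checkSession needs fetchSession, hasPerms needs setPermissions), so the order on a route matters. The sketch below is an added example, not the project's own code. It uses hypothetical stand-ins with the same names, an assumed `hasPerms.any(...)` shape, constructed sample data, and a small `run` helper in place of the web framework, to show the chain failing closed when a step is missing or a check does not pass.

```javascript
// Hypothetical stand-ins, not the project's middleware code. Constructed sample data.
const ACCOUNTS = { 'sess-1': { _id: 'u1', name: 'Ada' } };
const TEAMS = { t1: { _id: 't1', orgId: 'o1', members: { u1: ['viewAgents'] } } };

const fetchSession = (req, res, next) => {
  res.locals.account = ACCOUNTS[req.sessionId] || null;
  next();
};
const checkSession = (req, res, next) =>
  (res.locals.account ? next() : res.deny(401));
const checkResourceSlug = (req, res, next) => {
  const team = TEAMS[req.params.resourceSlug];
  const acct = res.locals.account;
  // Reject unknown teams and teams the current user does not belong to.
  if (!team || !acct || !team.members[acct._id]) return res.deny(403);
  const { _id, ...rest } = team; // _id is exposed to later steps as id
  res.locals.matchingTeam = { id: _id, ...rest };
  res.locals.matchingOrg = { id: team.orgId };
  next();
};
const setPermissions = (req, res, next) => {
  const { account, matchingTeam } = res.locals;
  res.locals.permissions = new Set(matchingTeam.members[account._id]);
  next();
};
const hasPerms = {
  // Passes if at least one listed permission is held; denies when
  // res.locals.permissions was never set (setPermissions did not run).
  any: (...perms) => (req, res, next) => {
    const held = res.locals.permissions;
    return held && perms.some((p) => held.has(p)) ? next() : res.deny(403);
  },
};

// Tiny synchronous runner standing in for the framework's router.
function run(chain, req) {
  const res = { locals: {}, status: 200, deny(code) { this.status = code; } };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return res;
}

const guarded = [fetchSession, checkSession, checkResourceSlug, setPermissions,
  hasPerms.any('viewAgents', 'editAgents')];
console.log(run(guarded, { sessionId: 'sess-1', params: { resourceSlug: 't1' } }).status);
```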