Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Marionette securedRouter
define([
'underscore',
'marionette'
], function(_, Marionette) {
'use strict';
/**
* SecureRouter
*
* This class is similar to the marionette Approuter except
* that it verifies permissions before attempting to enter
* into routes on the controller.
*
* This separates the security logic from the controller and provides
* a syntax for us to configure SPA routes with security
*
* constructor options:
* isAuthorized is for you to create your own validation logic,
* return truthy for authorized, or falsy for unauthorized
* isAuthorized: function(){return true;};
*
* secureRoutes: {
* '/secureRoute': {
* authorized: 'securedControllerMethod',
* unauthorized: 'unauthorizedHandlerOnController',
* permissions: String || String[] || {} whatever you want, gets passed to isAuthorized
* }
* */
var SecureRouter = Marionette.AppRouter.extend({
constructor: function(options) {
Marionette.AppRouter.prototype.constructor.apply(this, arguments);
this.options = options || {};
this.isAuthorized = options.isAuthorized || function(){ return true; }
var secureRoutes = Marionette.getOption(this, 'secureRoutes');
var controller = this._getController();
this.processSecureRoutes(controller, secureRoutes);
},
// Internal method to process the `secureRoutes` for the
// router, and turn them in to routes that trigger the
// specified method on the specified `controller`.
processSecureRoutes: function(controller, secureRoutes) {
if (!secureRoutes) {
return;
}
var routeNames = _.keys(secureRoutes).reverse(); // Backbone requires reverted order of routes
_.each(routeNames, function(route) {
this._addSecureRoute(controller, route, secureRoutes[route]);
}, this);
},
_addSecureRoute: function(controller, route, secureRoute) {
var method = controller[secureRoute.authorized];
var unauthorizedRoute = controller[secureRoute.unauthorized];
if (!method) {
throwError('Method "' + secureRoute.authorized + '" was not found on the controller');
}
this.route(route, secureRoute.authorized, _.bind(function() {
if (this.isAuthorized(secureRoute.permissions)) {
method.apply(controller, arguments);
} else {
if (unauthorizedRoute) unauthorizedRoute.apply(controller, arguments);
console.log('unauthorized');
}
}, this));
}
});
return SecureRouter;
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.