我有一个在mongoose和express上运行的node.js REST服务.我也使用merse来设置我的路由.
我现在想要实现的是以下类型的sceanrios:
Scenario I: e.g. blogpost
- GET -> no authentication required
- POST/PUT/DELETE -> authentication required
Scenario II: e.g. user
- GET -> authentication required
- POST/PUT/DELETE -> authentication required plus username of logged in user has to match
我已经看过everyauth和mongoose-auth了,但找不到能给我这种控制的东西.