Using 'passport.isAuthenticated()' to check multiple user roles in Nodejs


Here's my isAuthenticated function:

var isAuthenticated = function (req, res, next) {
    if (req.isAuthenticated()) return next();
    res.redirect('/');
};

And here's a route for rendering a view by using the PassportJs isAuthenticated() function.

router.get('/', isAuthenticated, function (req, res, next) {
    res.render('dashboard');
});

This isAuthenticated function will render that view for all logged-in users. Similarly, I want some other view to be accessible only to admin users. Rather than creating a separate strategy or function in this case, can I use the same function to achieve this?

Like providing the user role as a parameter to the isAuthenticated function and an additional check within the function to check if the user object in the request has the same role as provided in the parameter? Or any other similar way to avoid writing another separate function/strategy? Also, what would be the preferred & best approach? I'd appreciate it if somebody could explain it in detail.


There are 1 best solutions below


Passport stores the user info in sessions and uses these two sessions to serialize and deserialize users:

passport.serializeUser(function (req, user, done) {
    //Check user permission here and assign to user object.
    //user.permission = "user_permission"
    return done(null, user);
});

passport.deserializeUser(function (req, user, done) {
    done(null, user);
});

Inside your auth function you can check the permission as:

var isAuthenticated = function (req, res, next) {
    if (req.isAuthenticated()) {
        if (req.user.permission === 'user_permission') {
            // route for admin (call next() or send a response here)
        } else {
            // route for non-admin (call next() or send a response here)
        }
    } else {
        res.redirect('/');
    }
};
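A parameterized form of the check discussed above, as an added example that is not part of the original question or answer: a middleware factory that takes the allowed roles as arguments and denies by default. The `requireRole` and `simulate` names, the `req.user.role` property and the `/admin` path are assumptions made for illustration.

```javascript
// Added example. Assumes deserializeUser puts a server-side `role` string on
// req.user; the role must never be read from client-supplied input.
function requireRole(...allowedRoles) {
  const allowed = new Set(allowedRoles);
  return function (req, res, next) {
    // Not logged in: same behaviour as the question's isAuthenticated.
    if (typeof req.isAuthenticated !== 'function' || !req.isAuthenticated()) {
      return res.redirect('/');
    }
    // No roles listed: any logged-in user may pass.
    if (allowed.size === 0) return next();
    // Logged in but role missing or not allowed: fail closed with 403.
    const role = req.user && req.user.role;
    if (typeof role === 'string' && allowed.has(role)) return next();
    return res.status(403).send('Forbidden');
  };
}

// Intended use with the router from the question:
//   router.get('/', requireRole(), handler);              // any logged-in user
//   router.get('/admin', requireRole('admin'), handler);  // admins only

// Constructed stand-ins for Express req/res so the check runs without a server.
function simulate(middleware, user) {
  let outcome = null;
  const req = { user, isAuthenticated: () => Boolean(user) };
  const res = {
    redirect(path) { outcome = 'redirect ' + path; },
    status(code) { outcome = String(code); return this; },
    send() { return this; },
  };
  middleware(req, res, () => { outcome = 'next'; });
  return outcome;
}

console.log(simulate(requireRole('admin'), { role: 'admin' }));
console.log(simulate(requireRole('admin'), { role: 'user' }));
console.log(simulate(requireRole('admin'), null));
```

Returning 403 for a logged-in user with the wrong role, rather than redirecting, keeps "not authenticated" and "not authorized" distinguishable in logs.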