I'm implementing a RESTful API with Express in Node, and I'm new to both. I'd like to use basic authentication to control access.
I would like to apply it using something like a whitelist, but I'm not sure how to do that.
Blacklisting is easy: I can just pepper my #VERB calls with the second argument:
    app.get('/', asyncAuth, requestHandler);
I can take that even further and blacklist everything with:
    app.all('*', asyncAuth, requestHandler);
But I want to apply my basicAuth to every single route, except for POST /users. Is there an elegant way to do that? Can I use the 'blacklist' approach then selectively remove it from the routes I'd like? I couldn't figure out how.
Define your route for POST /users before the blacklisted routes:
    app.post('/users', function(req, res) {
        ...
    });
    app.all('*', asyncAuth, requestHandler);
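You could maintain a list of regexps that are whitelisted and match the URL against each URL in the list; if it matches any, then proceed, else require auth:
    // Anchored patterns for paths that skip authentication (example entry).
    var whitelist = [/^\/users\/?$/];
    app.all('*', asyncAuth);
    function asyncAuth(req, res, next) {
        // Test req.path rather than req.url so the query string is never matched.
        var allowed = whitelist.some(function(regexp) {
            return regexp.test(req.path);
        });
        // Call next() exactly once, even if several patterns match.
        if (allowed) return next();
        // requireAuth is a placeholder for the real credential check.
        requireAuth(req, res, next);
    }
Something along those lines.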
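The allow-list idea from the answers above, as an added example that is not part of the original thread: the exemption is keyed on method plus path, so only POST /users skips authentication while GET /users, /users/42 and query-string tricks still require it. `PUBLIC_ROUTES`, `isPublic`, `authExcept`, `standInAuth` and `simulate` are hypothetical names, and `standInAuth` stands in for the question's `asyncAuth`.

```javascript
// Added example. PUBLIC_ROUTES, isPublic, authExcept, standInAuth and simulate
// are hypothetical names; the only route exempted is the page's POST /users.
const PUBLIC_ROUTES = [
  { method: 'POST', path: /^\/users\/?$/ }, // anchored: /users only, not /users/42
];

function isPublic(req) {
  // Compare the path only. req.url also carries the query string, so a loose
  // pattern tested against it would accept "/orders?next=/users".
  const path = typeof req.path === 'string' ? req.path : req.url.split('?')[0];
  return PUBLIC_ROUTES.some(r => r.method === req.method && r.path.test(path));
}

// Wraps an existing auth middleware (the page's asyncAuth) so that it is
// skipped only for allow-listed method + path pairs. Anything else, including
// routes added later, still goes through authentication.
function authExcept(authenticate) {
  return function (req, res, next) {
    if (isPublic(req)) return next(); // next() is called exactly once
    return authenticate(req, res, next);
  };
}

// Stand-in for asyncAuth: it only checks that credentials were presented.
// Real credential verification belongs here and is outside this example.
function standInAuth(req, res, next) {
  if (req.headers.authorization) return next();
  res.statusCode = 401;
  res.setHeader('WWW-Authenticate', 'Basic realm="api"');
  res.end();
}

// Dry run against constructed request objects (no server needed).
// Returns 'next' when the request reaches the route handler, else the status.
function simulate(method, url, authorization) {
  let outcome = null;
  const req = { method, url, path: url.split('?')[0], headers: { authorization } };
  const res = {
    statusCode: 200,
    setHeader() {},
    end() { outcome = this.statusCode; },
  };
  authExcept(standInAuth)(req, res, () => { outcome = 'next'; });
  return outcome;
}

// In an Express app this would be wired as: app.use(authExcept(asyncAuth));
```

The pattern match is case-sensitive, so a request for `/Users` is not exempted and goes through authentication.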