Routes and Redirects

Learn how to protect your routes and redirects.

We'll cover the following

Routes

You will usually use some type of abstracted access control layer on top of your regular controllers/routes/etc. This layer should map your routes to the access level required to view that route. For example, /user/* might only be accessible to users in the “admin” group, as implemented in the previous lesson. POST and PUT requests might only be accessible to “editors.” DELETE requests should only be accessible by “admins.” We can accomplish this in Express by building on the examples in the previous lesson. Add additional middleware to check the user’s credentials against other groups:

Get hands-on with 1400+ tech skills courses.