Tutorial 2 - Authorisation with ExpressJS

Apart from authentication which verifies if the user has a valid account, authorisation is also equally important to determine the level of access this account has in your platform. For example, there are 2 users, one an administrator and another a regular user. An administrator is able to access all parts of the platform as its role is the highest in the platform. But a user is only allowed to access limited parts around the platform as it requires an account with higher privileges to access the rest of the platform.

Without authorisation, any user is able to access every part of the platform without limits, this could be dangerous as a regular user is able to modify parts of the platform that are supposed to be touched by an administrator.

To set up authorisation within the platform, we determine the level of access a particular user has to their cookie. We issue the user cookies which contain their account role. We will create a 3-page simplified platform. The first page will be the main page whereby the user can grant themselves an administrator or regular user role. The main page will also allow them to navigate to the other pages. The other 2 pages are the administrator page and a user page.

The gist of authorisation is to limit the scope of what various groups of users have access to and ultimately answers the question of "What can this user have access to?". Without further ado, let us dive straight into Authorisation with ExpressJS.

For technical help on the StackUp platform join our Discord, head to the 🆘｜general-help.