In this Node.js tutorial, I will tell you how to implement route middleware to check if a user has active subscription or not in Node.js APIs.
With subscription based application, There must be some restriction to give full access to user after expiration of plan.
So you can easily define a middleware which acts as a middle part between request and response for those routes which will be accessible after subscription.
You can also implement route middleware to check user authentication.
Middleware are just like a function with request object, response object and next method in the application request and response cycle.
For this example, I have a table called "users" having column "subs_ends_at" and I need to check if a user has active subscription then user can access the api otherwise user will get response with "HTTP Status Code 401" and column "subs_ends_at" will manage the end date of subscription.
Route middleware to check user subscription
- function validateSubscription(req, res, next)
- {
- var userId=(req.method == "GET") ? req.query.userId : req.body.userId;
- client.query("select subs_ends_at from users where id=?", [userId], function (error, result, fields) {
- if(error)
- {
- res.status(500).send({ "error": "true", "message": "Something went wrong","result": {}});
- }
- else if(result.length ==0)
- {
- res.status(200).send({ "error": "true", "message": "Sorry, User does not exists.","result": {}});
- }
- else{
- if(moment(result[0].subs_ends_at).diff(new Date(),'days') > 0){
- next();
- }else{
- res.status(402).send({ "error": "true", "message": "Sorry, Your subscription has been expired.","result": {}});
- }
- }
- });
- }
Above middleware will be implemented after login routes to check subscription status of logged in user by their user id.
First, i get the user id from request that can have "GET" or "POST" HTTP method.
There can be get and post both routes so i use req.method to get HTTP method in the middleware.
moment.diff will return the difference in days between two dates. For more details click here to calculate datetime difference
next() is not a predefined method of the Node.js, It is just a third argument that is passed to middleware method. If you want then you can rename it with anything but it is very necessary to avoid confusion by using valid naming convention.
Now i implement the "validateSubscription" middleware with routes to restrict user to access protected routes.
- module.exports = function(app) {
- app.get('/dashboard', validateSubscription, function(req, res) {
- res.send('Welcome to protected dashboard!');
- });
- };
Now if a user has active subscription then he will be able to access the dashboard routes.
