6. API Documentation & Endpoints
Your Node.js + Express backend serves as the access control gatekeeper, checking permissions before routing users to the appropriate dashboard views.
Base URL:

- If running locally: `http://localhost:5000`
- If deployed (e.g., on Render, Railway, or Heroku): `https://class-guard-backend.yourdomain.com`
POST /api/check-permission

Used to validate whether a user can access a specific resource (dashboard).

Request body:

```json
{
  "user": "user2345",
  "resource": "admin-dashboard"
}
```

- user: A unique user ID (or username) that exists in Permit.io.
- resource: One of `admin-dashboard`, `student-dashboard`, or `teacher-dashboard`.

Response:

```json
{
  "permitted": true
}
```

- Returns `true` or `false` based on the permission logic.
Backend handler:

```javascript
app.post('/api/check-permission', async (req, res) => {
  const { user, resource } = req.body;
  try {
    // Ask Permit.io whether this user may perform the 'view' action on the resource.
    const allowed = await permit.check(user, 'view', resource);
    res.json({ permitted: allowed });
  } catch (err) {
    // Do not leak SDK/network error details to the client.
    res.status(500).json({ error: 'Permission check failed' });
  }
});
```
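As an added example (not the project's own code), a hardened version of the check-permission logic: it validates the request body against the three dashboard resources, treats anything but a strict `true` from the policy engine as a deny, and fails closed when the Permit.io call throws. It is written as a plain function with a constructed stand-in for `permit.check` so it runs without Express or a Permit.io PDP; the `fakePermit` policy map and the `expressHandler` adapter are assumptions for illustration.

```javascript
// Added example: hardened check-permission logic, independent of Express.
// `permitClient` is assumed to expose check(user, action, resource) -> Promise<boolean>,
// matching the Permit.io SDK call used by the handler above.
const ALLOWED_RESOURCES = new Set([
  "admin-dashboard",
  "student-dashboard",
  "teacher-dashboard",
]);

// Returns { status, body } instead of writing to an Express `res`, so it is testable.
async function checkPermission(permitClient, body) {
  const { user, resource } = body ?? {};
  // Reject malformed input before it ever reaches the policy engine.
  if (typeof user !== "string" || user.length === 0 || user.length > 128) {
    return { status: 400, body: { error: "invalid user" } };
  }
  if (!ALLOWED_RESOURCES.has(resource)) {
    return { status: 400, body: { error: "unknown resource" } };
  }
  try {
    // Coerce to a strict boolean: undefined, null or a truthy object is still a deny.
    const allowed = (await permitClient.check(user, "view", resource)) === true;
    return { status: 200, body: { permitted: allowed } };
  } catch (err) {
    // Fail closed: a PDP/network failure is never reported as "permitted",
    // and the error detail stays in server logs rather than the response.
    console.error("permission check failed", { user, resource, err: err.message });
    return { status: 500, body: { error: "Permission check failed" } };
  }
}

// Constructed in-memory stand-in for permit.check(): user -> resources they may view.
const fakePermit = {
  policy: { user2345: ["admin-dashboard"], user1001: ["student-dashboard"] },
  async check(user, action, resource) {
    if (user === "user-broken") throw new Error("PDP unreachable"); // simulated outage
    return action === "view" && (this.policy[user] ?? []).includes(resource);
  },
};

// Adapter showing how the function plugs into an Express route (hypothetical wiring).
const expressHandler = (permitClient) => async (req, res) => {
  const { status, body } = await checkPermission(permitClient, req.body);
  res.status(status).json(body);
};
```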
Frontend call:

```javascript
const checkPermission = async () => {
  const response = await fetch("http://localhost:5000/api/check-permission", {
    method: "POST",
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      user: "user2345",
      resource: "admin-dashboard"
    })
  });
  const data = await response.json();
  return data.permitted;
};
```
| Endpoint | Method | Description | Auth Required |
|---|---|---|---|
| /api/login | POST | Authenticates user (optional JWT flow) | |
| /api/register | POST | Registers new user | |
| /api/user-role | GET | Gets a user's role from Permit.io | |
| /api/user-dashboard-access | POST | Logs dashboard access attempt | |
Always wrap your permission logic in try/catch blocks and log detailed errors server-side for easier debugging.
In the future, you can integrate JWT-based login so that:

- Users log in and receive a token
- The token is decoded to identify the user ID
- That ID is used for permission checks

This would remove hardcoding and allow multiple user sessions.