examples/web-service/index.js JAVASCRIPT 118 lines View on github.com → Search inside
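'use strict';

/**
 * Module dependencies.
 */

var express = require('../../');

var app = module.exports = express();

/**
 * Create an Error carrying an HTTP status code.
 *
 * The custom error handler at the bottom of this file reads `err.status`
 * to pick the response status (Connect respects this property as well).
 *
 * @param {number} status - HTTP status code to attach to the error
 * @param {string} msg - message; the error handler below echoes it to the client
 * @returns {Error} error object with a `status` property
 */
function error(status, msg) {
  var err = new Error(msg);
  err.status = status;
  return err;
}

// if we wanted to supply more than JSON, we could
// use something similar to the content-negotiation
// example.

// here we validate the API key,
// by mounting this middleware to /api
// meaning only paths prefixed with "/api"
// will cause this middleware to be invoked
//
// NOTE: the key travels in the query string, so it will show up in access
// logs, browser history and Referer headers. That is acceptable here only
// because these keys are usage identifiers, not credentials (see the
// apiKeys comment below); a key that grants access should be sent in a
// request header instead.

app.use('/api', function(req, res, next){
  var key = req.query['api-key'];

  // key isn't present
  if (!key) return next(error(400, 'api key required'));

  // key is invalid. indexOf compares with ===, so a non-string value
  // (a repeated or bracketed api-key parameter may be parsed into an
  // array or object) never matches and is rejected here as well.
  if (apiKeys.indexOf(key) === -1) return next(error(401, 'invalid api key'));

  // all good, store req.key for route access
  req.key = key;
  next();
});

// map of valid api keys, typically mapped to
// account info with some sort of database like redis.
// api keys do _not_ serve as authentication, merely to
// track API usage or help prevent malicious behavior etc.

var apiKeys = ['foo', 'bar', 'baz'];

// these two objects will serve as our faux database

var repos = [
  { name: 'express', url: 'https://github.com/expressjs/express' },
  { name: 'stylus', url: 'https://github.com/learnboost/stylus' },
  { name: 'cluster', url: 'https://github.com/learnboost/cluster' }
];

var users = [
  { name: 'tobi' }
  , { name: 'loki' }
  , { name: 'jane' }
];

var userRepos = {
  tobi: [repos[0], repos[1]]
  , loki: [repos[1]]
  , jane: [repos[2]]
};

// we now can assume the api key is valid,
// and simply expose the data

// example: http://localhost:3000/api/users/?api-key=foo
app.get('/api/users', function (req, res) {
  res.send(users);
});

// example: http://localhost:3000/api/repos/?api-key=foo
app.get('/api/repos', function (req, res) {
  res.send(repos);
});

// example: http://localhost:3000/api/user/tobi/repos/?api-key=foo
app.get('/api/user/:name/repos', function(req, res, next){
  var name = req.params.name;

  // `name` comes straight from the URL, so only accept keys that are
  // userRepos' own properties. A bare userRepos[name] also resolves names
  // inherited from Object.prototype (e.g. "constructor"), which are truthy
  // and would be handed to res.send() instead of falling through to the 404.
  if (!Object.prototype.hasOwnProperty.call(userRepos, name)) return next();

  res.send(userRepos[name]);
});

// middleware with an arity of 4 are considered
// error handling middleware. When you next(err)
// it will be passed through the defined middleware
// in order, but ONLY those with an arity of 4, ignoring
// regular middleware.
//
// `next` is unused but must stay in the signature: the arity of 4 is
// what marks this function as an error handler.
app.use(function(err, req, res, next){
  // whatever you want here, feel free to populate
  // properties on `err` to treat it differently in here.
  res.status(err.status || 500);

  // NOTE(review): err.message is sent to the client for every error,
  // including unexpected ones that end up as 500. The messages built by
  // error() above are safe to expose; a real service should log
  // unexpected errors and answer them with a generic message.
  res.send({ error: err.message });
});

// our custom JSON 404 middleware. Since it's placed last
// it will be the last middleware called, if all others
// invoke next() and do not respond.
app.use(function(req, res){
  res.status(404);
  res.send({ error: "Sorry, can't find that" });
});

/* istanbul ignore next */
if (!module.parent) {
  // only start listening when run directly, not when required (e.g. by tests)
  app.listen(3000);
  console.log('Express started on port 3000');
}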

Code quality findings 12

Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var express = require('../../');
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var app = module.exports = express();
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var err = new Error(msg);
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var key = req.query['api-key'];
Use strict equality (===) to prevent type coercion bugs
info correctness loose-equality
if (apiKeys.indexOf(key) === -1) return next(error(401, 'invalid api key'))
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var apiKeys = ['foo', 'bar', 'baz'];
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var repos = [
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var users = [
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var userRepos = {
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var name = req.params.name;
Use let or const to avoid scope issues and hoisting
info correctness var-declaration
var user = userRepos[name];
Remove debugging statements or use a logging library
info correctness console-log
console.log('Express started on port 3000');
