Skip to main content

Backend integration with Express JS

Scute can be integrated into an Express.js application using the @scute/node package. This package provides a middleware and a method called authenticateRequest that can be used to handle the authentication and authorization of users in your Express.js application.

Head over to the example project repo to run this example project and check out the type docs for more scuteClient methods.

Install the @scute/node package

First, install the @scute/node package using npm or yarn:

npm install @scute/node

Initialize the Scute client

In your entry point (usually app.ts) initialize the Scute client using the createClient method exposed by the @scute/node package:

// app.ts
// ... Redacted
import {
  createClient,
  authenticateRequest,
  scuteAuthMiddleware,
  type AuthenticatedRequest,
  InvalidAuthTokenError,
} from "@scute/node";

const scute = createClient({
  appId: process.env.SCUTE_APP_ID as string,
  baseUrl: process.env.SCUTE_BASE_URL as string,
});

// ... Redacted middleware and routes

Using the Scute middleware

You can use the scuteAuthMiddleware to protect routes that require authentication. The middleware will check if the user is authenticated and attach the user object to the request object.

// app.ts
// ... Redacted
import {
  createClient,
  authenticateRequest,
  scuteAuthMiddleware,
  type AuthenticatedRequest,
  InvalidAuthTokenError,
} from "@scute/node";

const scute = createClient({
  appId: process.env.SCUTE_APP_ID,
  baseUrl: process.env.SCUTE_BASE_URL,
});

// ... Redacted middleware and routes
app.get(
  "/authenticated-route-middleware",
  scuteAuthMiddleware(scute),
  async (req, res) => {
    const user = (req as AuthenticatedRequest).user;
    res.send(user);
  }
);

Using the authenticateRequest helper method

You can also use the authenticateRequest method to authenticate the user manually in your route handlers:

// app.ts
// ... Redacted
import {
  createClient,
  authenticateRequest,
  scuteAuthMiddleware,
  type AuthenticatedRequest,
  InvalidAuthTokenError,
} from "@scute/node";

const scute = createClient({
  appId: process.env.SCUTE_APP_ID,
  baseUrl: process.env.SCUTE_BASE_URL,
});

// ... Redacted middleware and routes

app.get("/authenticated-route", async (req, res) => {
  try {
    const user = await authenticateRequest(scute, req);
    res.send(user);
  } catch (error) {
    if (error instanceof InvalidAuthTokenError) {
      res.status(401).send("Unauthorized");
    } else {
      res.status(500).send("Internal Server Error");
    }
  }
});