Using Passport with Connect roles

Passport provides the Authentication layer necessary to find out WHO we're dealing with, but it doesn't offer an Authorization layer to determine if that person has the right to access a given resource.

Connect-roles offers such functionality, just be sure to load passport first:

var passport = require('passport');
var ConnectRoles = require('connect-roles');

var roles = new ConnectRoles();

app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(roles.middleware());