app.get('/api/item/:id', (req, res) => { // ユーザー認証: AuthorizationヘッダーのJWTトークンを検証&Subjectを特定 const subject = authenticateSubject(req.headers) // 権限チェック if (checkPermission(subject)) { ... // API固有の処理を実行 res.send(...) // CORS関連のレスポンスヘッダーをつけて返却 } else { res.send(403) // 権限がないことを通知 } }) app.post('/api/item/:id', (req, res) => { // ユーザー認証: AuthorizationヘッダーのJWTトークンを検証&Subjectを特定 const subject = authent
![EnvoyでWebアプリのセキュリティ周りの関心事を分離する - Qiita](https://cdn-ak-scissors.b.st-hatena.com/image/square/7cb763122aa97ebca5373260149c46760519dab1/height=288;version=1;width=512/https%3A%2F%2Fqiita-user-contents.imgix.net%2Fhttps%253A%252F%252Fcdn.qiita.com%252Fassets%252Fpublic%252Farticle-ogp-background-9f5428127621718a910c8b63951390ad.png%3Fixlib%3Drb-4.0.0%26w%3D1200%26mark64%3DaHR0cHM6Ly9xaWl0YS11c2VyLWNvbnRlbnRzLmltZ2l4Lm5ldC9-dGV4dD9peGxpYj1yYi00LjAuMCZ3PTkxNiZ0eHQ9RW52b3klRTMlODElQTdXZWIlRTMlODIlQTIlRTMlODMlOTclRTMlODMlQUElRTMlODElQUUlRTMlODIlQkIlRTMlODIlQUQlRTMlODMlQTUlRTMlODMlQUElRTMlODMlODYlRTMlODIlQTMlRTUlOTElQTglRTMlODIlOEElRTMlODElQUUlRTklOTYlQTIlRTUlQkYlODMlRTQlQkElOEIlRTMlODIlOTIlRTUlODglODYlRTklOUIlQTIlRTMlODElOTklRTMlODIlOEIlMjAmdHh0LWNvbG9yPSUyMzIxMjEyMSZ0eHQtZm9udD1IaXJhZ2lubyUyMFNhbnMlMjBXNiZ0eHQtc2l6ZT01NiZ0eHQtY2xpcD1lbGxpcHNpcyZ0eHQtYWxpZ249bGVmdCUyQ3RvcCZzPThmYmQwYzNmZjJhZmY3MDgwN2RjODdmYzNjNTRmMWNm%26mark-x%3D142%26mark-y%3D112%26blend64%3DaHR0cHM6Ly9xaWl0YS11c2VyLWNvbnRlbnRzLmltZ2l4Lm5ldC9-dGV4dD9peGxpYj1yYi00LjAuMCZ3PTYxNiZ0eHQ9JTQwYXJhaWljaGlybyZ0eHQtY29sb3I9JTIzMjEyMTIxJnR4dC1mb250PUhpcmFnaW5vJTIwU2FucyUyMFc2JnR4dC1zaXplPTM2JnR4dC1hbGlnbj1sZWZ0JTJDdG9wJnM9MTJkYTU1OGU5ZWI1YmY2NjlhMTNjMTRjYTk0M2I0MDc%26blend-x%3D142%26blend-y%3D491%26blend-mode%3Dnormal%26s%3D46206ea03bcc38925e86c84711a3e9bc)