Add authentication to Express.js APIs using GitHat. JWT validation middleware, session management, and multi-org access control.
Add production-ready auth to Express with GitHat's API. No passport strategies to configure — just HTTP calls to api.githat.io for token validation and user identity.
Build a reusable auth middleware: extract the Bearer token, validate it against GitHat, and populate req.user with the user profile and org context. Respond with 401 if the token is missing or invalid.
Enforce RBAC in Express using GitHat's org roles. After token validation, check the user's org role to authorize actions. Roles follow the hierarchy owner > admin > member.
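npm install express node-fetch@2

// middleware/auth.js
// node-fetch v3 is ESM-only; require() needs the v2 line installed above.
const fetch = require('node-fetch');

const GITHAT_API = 'https://api.githat.io';

// Validates the caller's Bearer token against GitHat and sets req.user.
async function requireAuth(req, res, next) {
  const token = req.headers.authorization;
  // Reject requests with no Authorization header or a non-Bearer scheme.
  if (!token || !/^Bearer /i.test(token)) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  try {
    const resp = await fetch(`${GITHAT_API}/auth/me`, {
      headers: { Authorization: token }
    });
    if (!resp.ok) return res.status(401).json({ error: 'Invalid token' });
    req.user = await resp.json();
    return next();
  } catch (err) {
    // Network or parse failure: fail closed and hand off to the error handler.
    return next(err);
  }
}

module.exports = requireAuth;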
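The role check described above (owner > admin > member), as an added example that is not GitHat's or this page's own code. It assumes requireAuth has populated req.user and that the caller's org role is exposed as req.user.orgRole, a hypothetical field name; map it to the profile shape GitHat actually returns.

```javascript
// middleware/requireRole.js (added example, not GitHat's own code)
// Assumption: requireAuth ran first and req.user.orgRole (hypothetical
// field name) holds the caller's role in the current org.
const ROLE_RANK = Object.freeze({ member: 1, admin: 2, owner: 3 });

// Rank a role name; anything that is not a known own key ranks 0.
function rankOf(role) {
  // Own-property lookup so values like "__proto__" or "constructor"
  // never resolve to something inherited from Object.prototype.
  const known =
    typeof role === 'string' &&
    Object.prototype.hasOwnProperty.call(ROLE_RANK, role);
  return known ? ROLE_RANK[role] : 0;
}

// True only when both roles are known and the user's rank is high enough.
function hasRole(userRole, minRole) {
  const need = rankOf(minRole);
  return need > 0 && rankOf(userRole) >= need;
}

// Middleware factory: requireRole('admin') admits admin and owner.
function requireRole(minRole) {
  if (rankOf(minRole) === 0) {
    // Catch typos such as requireRole('admn') at startup, not per request.
    throw new Error(`Unknown role: ${String(minRole)}`);
  }
  return function roleGuard(req, res, next) {
    // 401: no validated identity. 403: valid identity, insufficient role.
    if (!req.user) return res.status(401).json({ error: 'Unauthorized' });
    if (!hasRole(req.user.orgRole, minRole)) {
      return res.status(403).json({ error: 'Forbidden' });
    }
    return next();
  };
}

// Usage (route and handler names are illustrative):
// app.delete('/org/members/:id', requireAuth, requireRole('admin'), handler);
```

Unknown, missing, or non-string roles rank below member, so a changed or malformed profile denies access instead of granting it.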