'use strict'; module.exports = function authorize (authBackend) { return function authorizeMiddleware (req, res, next) { authBackend.authorize(req, res, (err, authorized) => { if (err) { return next(err); } if (!authorized) { err = new Error('Sorry, you are unauthorized (permission denied)'); err.http_status = 403; return next(err); } return next(); }); }; };