Azure-Samples
diff --git a/‎.github/ISSUE_TEMPLATE.md‎
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎2-Authorization/1-call-graph/README.md‎
Lines changed: 1 addition & 1 deletion b/‎2-Authorization/1-call-graph/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎4-AccessControl/1-app-roles/App/app.js‎
Lines changed: 40 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/app.js‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/appSettings.json‎
Lines changed: 24 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/appSettings.json‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/controllers/dashboardController.js‎
Lines changed: 11 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/controllers/dashboardController.js‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/controllers/mainController.js‎
Lines changed: 14 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/controllers/mainController.js‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/controllers/todolistController.js‎
Lines changed: 30 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/controllers/todolistController.js‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/data/cache.json‎ b/‎4-AccessControl/1-app-roles/App/data/cache.json‎
diff --git a/‎4-AccessControl/1-app-roles/App/data/db.json‎
Lines changed: 3 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/data/db.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎4-AccessControl/1-app-roles/App/package.json‎
Lines changed: 28 additions & 0 deletions b/‎4-AccessControl/1-app-roles/App/package.json‎
Lines changed: 28 additions & 0 deletions
@@ -13,6 +13,7 @@
     - [ ] 1-2) Sign-in with Azure AD B2C
     - [ ] 2-1) Acquire a Token and call Microsoft Graph
     - [ ]   3) Deploy to Azure Storage and App Service
+    - [ ] 4-1) Use App Roles for Role-based Access Control
 ```
 
 ## This issue is for a
 
@@ -39,7 +39,7 @@ This sample also demonstrates how to use the [Microsoft Graph JavaScript SDK](ht
 | `App/cache.json`            | Stores MSAL Node token cache data.                            |
 | `App/app.js`                | Application entry point.                                      |
 | `App/utils/graphManager.js` | Handles calls to Microsoft Graph using Graph JS SDK.          |
-| `App/utils/cacheManager.js` | Handles calls to protected APIs using Axios package.          |
+| `App/utils/fetchManager.js` | Handles calls to protected APIs using Axios package.          |
 
 ## Prerequisites
 
 
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+const express = require('express');
+const session = require('express-session');
+const path = require('path');
+
+const router = require('./routes/router');
+const SERVER_PORT = process.env.PORT || 4000;
+
+// initialize express
+const app = express(); 
+
+app.set('views', path.join(__dirname, './views'));
+app.set('view engine', 'ejs');
+
+app.use('/css', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/css')));
+app.use('/js', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/js')));
+
+app.use(express.urlencoded({ extended: false }));
+
+app.use(express.static(path.join(__dirname, './public')));
+
+app.use(express.json());
+
+/**
+ * Using express-session middleware. Be sure to familiarize yourself with available options
+ * and set as desired. Visit: https://www.npmjs.com/package/express-session
+ */
+app.use(session({ 
+    secret: 'ENTER_YOUR_SECRET_HERE', 
+    resave: false, 
+    saveUninitialized: false 
+}));
+
+app.use(router);
+
+app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`));
@@ -0,0 +1,24 @@
+{
+    "credentials": {
+        "clientId": "Enter_the_Application_Id_Here",
+        "tenantId": "Enter_the_Tenant_Id_Here",
+        "clientSecret": "Enter_the_Client_Secret_Here"
+    },
+    "settings": {
+        "homePageRoute": "/home",
+        "redirectUri": "/redirect",
+        "postLogoutRedirectUri": "/"
+    },
+    "accessMatrix": {
+        "todolist": {
+            "path": "/todolist",
+            "methods": ["GET", "POST", "DELETE"],
+            "roles": ["TaskUser", "TaskAdmin"]
+        },
+        "dashboard": {
+            "path": "/dashboard",
+            "methods": ["GET"],
+            "roles": ["TaskAdmin"]
+        }
+    }
+}
@@ -0,0 +1,11 @@
+const lowdb = require('lowdb');
+const FileSync = require('lowdb/adapters/FileSync');
+const adapter = new FileSync('./data/db.json');
+const db = lowdb(adapter);
+
+exports.getAllTodos = (req, res) => {
+    const todos = db.get('todos')
+        .value();
+
+    res.render('dashboard', { isAuthenticated: req.session.isAuthenticated, todos: todos });
+}
@@ -0,0 +1,14 @@
+exports.getHomePage = (req, res, next) => {
+    res.render('home', { isAuthenticated: req.session.isAuthenticated });
+}
+
+exports.getIdPage = (req, res, next) => {
+    const claims = {
+        name: req.session.account.idTokenClaims.name,
+        preferred_username: req.session.account.idTokenClaims.preferred_username,
+        oid: req.session.account.idTokenClaims.oid,
+        sub: req.session.account.idTokenClaims.sub
+    };
+
+    res.render('id', { isAuthenticated: req.session.isAuthenticated, claims: claims });
+}
@@ -0,0 +1,30 @@
+const lowdb = require('lowdb');
+const FileSync = require('lowdb/adapters/FileSync');
+const adapter = new FileSync('./data/db.json');
+const db = lowdb(adapter);
+
+exports.getTodos = (req, res) => {
+    const owner = req.session.account.idTokenClaims['preferred_username'];
+
+    const todos = db.get('todos')
+        .filter({ owner: owner })
+        .value();
+
+    res.render('todolist', { isAuthenticated: req.session.isAuthenticated, todos: todos });
+}
+
+exports.postTodo = (req, res) => {
+    db.get('todos').push(req.body).write();
+    res.redirect('/todolist');
+}
+
+exports.deleteTodo = (req, res) => {
+    const id = req.params.id;
+    const owner = req.session.account.idTokenClaims['preferred_username'];
+
+    db.get('todos')
+        .remove({ owner: owner, id: id })
+        .write();
+
+    res.redirect('/todolist');
+}
@@ -0,0 +1,3 @@
+{
+    "todos": []
+}
@@ -0,0 +1,28 @@
+{
+  "name": "msal-node-tutorial-app-roles",
+  "version": "1.0.0",
+  "description": "A Node.js & Express web app using Azure AD App Roles to implement Role-based Access Control (RBAC)",
+  "main": "app.js",
+  "scripts": {
+    "start": "node app.js",
+    "dev": "nodemon app.js"
+  },
+  "author": "derisen",
+  "license": "MIT",
+  "dependencies": {
+    "@azure/msal-node": "^1.1.0",
+    "@microsoft/microsoft-graph-client": "^2.2.1",
+    "axios": "^0.21.1",
+    "bootstrap": "^4.5.3",
+    "ejs": "^3.0.1",
+    "express": "^4.17.1",
+    "express-session": "^1.17.1",
+    "isomorphic-fetch": "^3.0.0",
+    "lowdb": "^1.0.0",
+    "msal-express-wrapper": "git+https://github.com/Azure-Samples/msal-express-wrapper.git",
+    "nanoid": "^3.1.23"
+  },
+  "devDependencies": {
+    "nodemon": "^2.0.2"
+  }
+}