Docs Request: How can we add access control to various routes?

[parris]

I have some idea about how to add access control with koa and koa-mongo-rest. It would be nice to see it documented though since that may be a main point of concern before adopting this system.

Maybe something like:

apiAuthorizationMap = {
    '/api/users/:id': function* () {
            // this.session......
            yield true;
    }
};

app.use(function* (next) {
    // this.route doesn't quite work, but let's hand wave for now.
    if (this.method === 'GET' || apiAuthorizationMap[this.route].apply(this)) {
        yield next;
    } else {
         this.throw('Unauthorized', 401);
    }
});

Do you guys have a better way?