- Create a folder called `middleware` inside the project folder.
- Add the middleware files (the permissions checker and the roles checker shown below) to that folder.
- Register the two middleware files as dependencies in `index.js` (the `Bool` constructor call below).
- Modify the passport DAO so the bearer strategy attaches the user's flattened permissions and role ids to the user object it returns; the checkers read them from `request.user`.
Last active
May 16, 2017 11:25
Permissions checker in bool.js
'use strict'; | |
const Bool = require('bool.js'); | |
// Middleware modules registered with the application, by resolved path;
// the permissions and roles checkers sit alongside the app's other dependencies.
const middleware = [
  /* ... include other dependencies ... */
  require.resolve('./middleware/permissions-check'),
  require.resolve('./middleware/roles-check')
];

const API = new Bool('com.example.api', middleware);

// Loader setters are chained as in the original; the configured app is exported running.
module.exports = API
  .setServerLoader('booljs-express')
  .setDatabaseLoader('booljs-mongoose')
  .run();
'use strict'; | |
module.exports = function (app) {
  const Bearer = app.utilities['passport-http-bearer'];
  const ClientPassword = app.utilities['passport-oauth2-client-password'];
  const HTTP = app.utilities['passport-http'];
  const Client = app.dao.Client;
  const Token = app.dao.Token;
  const User = app.dao.User;

  /**
   * Builds the bearer-token strategy: resolves the presented access token to
   * its user and attaches the flattened permission list plus the role ids, so
   * the permissions/roles route middleware can check them on `request.user`.
   *
   * NOTE(review): only the token's existence is checked here; whether an
   * expired or revoked token is still resolvable depends entirely on what
   * `Token.find` returns — confirm expired tokens are rejected somewhere.
   * NOTE(review): the full `user.toObject()` (every stored field) becomes
   * `request.user` — confirm no route handler echoes it back unfiltered.
   */
  this.bearer = function (passport) {
    // The user object itself is the session payload; nothing is re-fetched.
    passport.serializeUser((user, done) => done(null, user));
    passport.deserializeUser((user, done) => done(null, user));

    return new Bearer.Strategy(async (accessToken, done) => {
      try {
        const token = await new Token().find(accessToken);
        if (!token) { return done(null, false); }   // unknown token → auth failure

        const user = await new User().find(token.user);
        if (!user) { return done(null, false); }    // token without a user → auth failure

        // Union of every permission granted by any of the user's roles, de-duplicated.
        const permissions = _.chain(user.roles)
          .map(role => role.permissions)
          .flatten()
          .unique()
          .value();
        // Role ids only; the roles checker compares these with `route.roles`.
        const roles = _(user.roles).map(role => role._id);

        done(null, _(user.toObject()).extend({ permissions, roles }));
      } catch (error) {
        log.error(error);
        done(error);
      }
    });
  };
  /* ... */
};
'use strict'; | |
const API = require('booljs-api'); | |
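module.exports = class PermissionsChecker extends API.RouteMiddleware {
  /**
   * Route middleware that rejects requests whose authenticated user holds
   * none of the permissions the route declares.
   *
   * Registered as 'mandatory' with `{ checkPermissions: true }` — presumably
   * the route option that opts a route into this check; confirm against
   * booljs-api.
   */
  constructor() {
    super('permissions-checker', 'mandatory', { checkPermissions: true });
    this.priority = 10;
  }

  /**
   * @param _instance framework instance; `getComponents()` provides `app.Error`.
   * @param router unused here.
   * @param route the route definition; `route.permissions` lists the
   *   permissions of which the user must hold at least one.
   * @returns an Express-style handler `(request, response, next)`.
   */
  action(_instance, router, route) {
    const app = _instance.getComponents();
    return function (request, response, next) {
      const required = route.permissions || [];
      // Fail closed: a request that never passed authentication has no
      // `request.user`; treat it as holding no permissions instead of throwing
      // a TypeError (which Express would surface as a 500).
      const granted = (request.user && request.user.permissions) || [];
      // Log only what this check uses — not the whole user object, which
      // carries every field of `user.toObject()` (possibly credential material).
      log.debug({ middleware: 'permissions-checker', required, granted });

      // Any single overlap is enough (OR semantics, as in the original check).
      const grantedSet = new Set(granted);
      if (required.some(permission => grantedSet.has(permission))) {
        return next();
      }
      return next(new app.Error(403, 'E_MISSINGPERMISSIONS', {
        'en': 'You have insufficient permissions to execute this action',
        'es': 'Tiene insuficientes permisos para ejecutar esta acción'
      }));
    };
  }
};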
'use strict'; | |
const API = require('booljs-api'); | |
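module.exports = class RolesChecker extends API.RouteMiddleware {
  /**
   * Route middleware that rejects requests whose authenticated user holds
   * none of the roles the route declares.
   *
   * Registered as 'mandatory' with `{ checkRoles: true }` — presumably the
   * route option that opts a route into this check; confirm against
   * booljs-api. No `priority` is set (the permissions checker sets 10), so its
   * position in the middleware chain is whatever the framework defaults to.
   */
  constructor() {
    super('roles-checker', 'mandatory', { checkRoles: true });
  }

  /**
   * @param _instance framework instance; `getComponents()` provides `app.Error`.
   * @param router unused here.
   * @param route the route definition; `route.roles` lists the roles of which
   *   the user must hold at least one.
   * @returns an Express-style handler `(request, response, next)`.
   */
  action(_instance, router, route) {
    const app = _instance.getComponents();
    return function (request, response, next) {
      const required = route.roles || [];
      // Fail closed: no authenticated user → no roles → 403, rather than a
      // TypeError on `request.user.roles` that Express would report as a 500.
      const held = (request.user && request.user.roles) || [];

      // NOTE(review): matching is by strict equality, exactly as before. The
      // passport DAO fills `request.user.roles` with `role._id` values; if those
      // are ObjectId instances while `route.roles` holds strings, nothing ever
      // matches and every request is rejected — confirm both sides use the same
      // representation. Do not "fix" this with string coercion without checking
      // what both sides hold: a lax comparison here would fail open.
      const heldSet = new Set(held);
      if (required.some(role => heldSet.has(role))) {
        return next();
      }
      return next(new app.Error(403, 'E_INVALID_ROLE', {
        'en': 'The actual user\'s role is invalid',
        'es': 'El rol del usuario actual es invalido'
      }));
    };
  }
};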